June 6, 2002

SOT Linux Advisory: bind

SOT Linux: "Versions of BIND 9 prior to 9.2.1 have a bug that causes certain
requests to the BIND name server (named) to fail an internal
consistency check, causing the name server to stop responding to
requests. This can be used by a remote attacker to cause a denial of
service (DOS) attack against name servers."
---------------------------------------------------------------------
                   SOT Linux Security Advisory


Subject:           Updated bind package for SOT Linux 2002
Advisory ID:       SLSA-2002:7
Date:              Thursday, June 6, 2002
Product:           SOT Linux 2002
---------------------------------------------------------------------


1. Problem description


Versions of BIND 9 prior to 9.2.1 have a bug that causes certain
requests to the BIND name server (named) to fail an internal
consistency check, causing the name server to stop responding to
requests. This can be used by a remote attacker to cause a denial of
service (DOS) attack against name servers.





2. Updated packages


SOT Linux 2002 Desktop:
 

i386:
ftp://ftp.sot.com/updates/2002/Desktop/i386/bind-utils-9.2.1-1.i386.rpm
 

SRPMS:
ftp://ftp.sot.com/updates/2002/Desktop/SRPMS/bind-9.2.1-1.src.rpm
 
 

SOT Linux 2002 Server:
 

i386:
ftp://ftp.sot.com/updates/2002/Server/i386/bind-9.2.1-1.i386.rpm
ftp://ftp.sot.com/updates/2002/Server/i386/bind-utils-9.2.1-1.i386.rpm


SRPMS:
ftp://ftp.sot.com/updates/2002/Server/SRPMS/bind-9.2.1-1.src.rpm



3. Upgrading package


Use up2date to automatically upgrade the fixed packages.
 

If you want to upgrade manually, download the updated package from
the SOT Linux FTP site (use the links above) or from one of our mirrors.
The list of mirrors can be obtained at www.sot.com/en/linux
 

Update the package with the following command:
rpm -Uvh filename



4. Verification


All packages are PGP signed by SOT for security.
 

You can verify each package with the following command:
rpm --checksig filename 
 

If you wish to verify the integrity of the downloaded package, run
"md5sum filename" and compare the output with data given below.
 
 

Package Name                              MD5 sum
--------------------------------------------------------------------------
/Desktop/i386/bind-utils-9.2.1-1.i386.rpm 5f3df4a88ed9a2961de6af45c4b0a788      
/Desktop/SRPMS/bind-9.2.1-1.src.rpm       d2e274c8a861c4cd5a9e9b8cb76df44e
/Server/i386/bind-utils-9.2.1-1.i386.rpm  5f3df4a88ed9a2961de6af45c4b0a788
/Server/i386/bind-9.2.1-1.i386.rpm        e74c33d4c0774d92bd629ded5028da04
/Server/SRPMS/bind-9.2.1-1.src.rpm        d2e274c8a861c4cd5a9e9b8cb76df44e



5. References


http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0400


Copyright(c) 2001, 2002 SOT
        

---------------------------------------------------------------------
You can view other update advisories for SOT Linux 2002 at:
http://www.sot.com/en/linux/sa/
---------------------------------------------------------------------

Category:

  • Security
Click Here!