What is Security Supplement p535243, the BIND 9.4-ESV Update for OpenServer 6.0.0?

KEYWORDS: openserver 6.0.0 600 security bind 9.4-ESV update supplement p535243 fz535243 dig nslookup hang SCOSA-2010.1 dns domain name server CVE-2009-0696 CVE-2009-4022 CVE-2010-0097

RELEASE: OpenServer 6.0.0

PROBLEM: What is Security Supplement p535243, the BIND 9.4-ESV Update for OpenServer 6.0.0?

SOLUTION: The supplement brings BIND 9 up to date with the latest security fixes and also addresses an issue that can cause dig(ADMN) and nslookup(ADMN) to hang under certain circumstances.

What follows is the Security Advisory for this fix:

______________________________________________________________________________

                        SCO Security Advisory

Subject:                BIND 9.4_ESV Update for OpenServer 6.0.0
Advisory number:        SCOSA-2010.2
Issue date:             7th April 2010
Cross reference:        fz535243
                        CVE-2009-0696, CVE-2009-4022 and CVE-2010-0097
______________________________________________________________________________

1. Problem Description

Security Supplement p535243, the BIND 9.4-ESV Update for OpenServer 6.0.0 addresses the following issues:

BIND 9 DNSSEC validation code could cause bogus NXDOMAIN responses
    CVE:  CVE-2010-0097
    CERT: VU#360341

BIND 9 Cache Update from Additional Section
    CVE:  CVE-2009-4022
    CERT: VU#418861

BIND Dynamic Update DoS
    CVE:  CVE-2009-0696
    CERT: VU#725188

2. Vulnerable Supported Versions

System Package
----------------------------------------------------------------------
OpenServer 6.0.0 Maintenance Pack 4

3. Solution

The proper solution is to install the relevant package below.

4. OpenServer 6.0.0

This patch should only be installed on OpenServer 6.0.0 systems with Maintenance Pack 4 installed.
4.1 Location of Fixed Binaries

    ftp://ftp.sco.com/pub/openserver6/600/security/p535243_osr6/

4.2 Verification

    MD5 (p535243a_vol.tar) = dee6827a72876b9acda702daf5cb1d41

    md5 is available for download from
    ftp://ftp.sco.com/pub/security/tools

4.3 Installation Instructions

To install P535243B follow these steps:

1. Login as root

2. Create an empty directory, such as /tmp/p535243b, to which the patch will be downloaded.

3. Download the P535243B patch file p535243b_vol.tar to the directory created in step 2.

4. After the download is complete, change to the directory containing the p535243b_vol.tar file and run the following to extract the media image files:

       tar xvf p535243b_vol.tar

5. Run the Software Manager with the command:

       scoadmin software

   or double-click on the Software Manager icon in the desktop.

6. Pull down the "Software" menu and select "Install New".

7. When prompted for the host from which to install, choose the local machine and then "Continue".

8. In the "Select Media" menu, pull down the "Media Device" menu. Select "Media Images", then choose "Continue".

9. When prompted for the "Image Directory", enter "/tmp/p535243b" (or the directory where you placed the P535243B patch file p535243b_vol.tar in step 2) and choose "OK."

10. When prompted to select software to install, make sure that the "P535243B" entry is highlighted. Choose "Install". Once installation is complete, select "OK".

11. Installation of Escalation Supplement P535243B is now complete. To exit the Software Manager, select "Exit" from the "Host" menu.

12. Once the installation has completed, you can remove or archive the P535243B patch file p535243b_vol.tar, the media image files, and the containing directory created in step 2.

13. There is no need to reboot the system after installing this package.
    However, if your system is running any libraries or commands that are contained in this package, then these programs will continue to run with the old versions of these libraries or commands until the system is rebooted.

    Note that when all necessary patches have been installed, it is good practice to reboot the system at the earliest opportunity. This will ensure that no programs continue to run with the old libraries or commands.

4.4 Removal Instructions

Note: Patches must be rolled back in the reverse order in which they were installed on a per-component basis.

1. Log in as root.

2. Execute the command:

       scoadmin software

   or double-click on the Software Manager icon in the desktop.

3. Highlight the "P535243B" entry.

4. Pull down the "Software" menu and select "Remove Software".

5. Once the removal finishes, quit the Software Manager.

6. It is not necessary to reboot your system immediately. The system will continue to run with the routes defined by the updated route command until the next reboot.

5. References

SCO security resources:
    http://www.sco.com/support/download.html

SCO security advisories via email:
    http://www.sco.com/support/forums/security.html

This security fix closes SCO incidents fz535243.

    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0097
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4022
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0696

6. Disclaimers

SCO is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of SCO products.

7. Acknowledgments

N/A
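
The check in section 4.2, as an added shell example (not part of the SCO advisory): it parses a checksum line in the advisory's "MD5 (file) = digest" form and compares it with the downloaded file before anything is extracted. It returns a separate status when the line names a different file, which is what happens if the published p535243a_vol.tar line is applied to the p535243b_vol.tar name used in section 4.3. The function names are hypothetical, and the use of md5sum or openssl for the digest is an assumption; substitute the md5 tool the advisory points to where those are not installed.

```shell
#!/bin/sh
# Added example: verify a patch tarball against a "MD5 (name) = hex" line.

# Print the hex MD5 digest of a file.
# Assumption: md5sum or openssl is installed on the verifying host.
file_md5() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | awk '{print $1}'
    else
        openssl dgst -md5 -r "$1" | awk '{print $1}'
    fi
}

# verify_md5_line FILE 'MD5 (name) = hex'
# Return status:
#   0  digest matches and the line names this file
#   1  digest mismatch (corrupt or altered download)
#   2  the checksum line is for a different file name
#   3  malformed checksum line or unreadable file
verify_md5_line() {
    file=$1
    line=$2
    # Extract the file name and the 32-digit digest from the line.
    name=$(printf '%s\n' "$line" |
        sed -n 's/^MD5 (\(.*\)) = [0-9A-Fa-f]\{32\}$/\1/p')
    want=$(printf '%s\n' "$line" |
        sed -n 's/^MD5 (.*) = \([0-9A-Fa-f]\{32\}\)$/\1/p' | tr 'A-F' 'a-f')
    [ -n "$name" ] && [ -n "$want" ] && [ -r "$file" ] || return 3
    # Do not apply a digest published for one file to another file.
    [ "$name" = "$(basename "$file")" ] || return 2
    got=$(file_md5 "$file" | tr 'A-F' 'a-f')
    [ "$got" = "$want" ] || return 1
    return 0
}

# Command-line use:
#   sh verify_md5.sh p535243a_vol.tar \
#       'MD5 (p535243a_vol.tar) = dee6827a72876b9acda702daf5cb1d41'
if [ "$#" -eq 2 ]; then
    verify_md5_line "$1" "$2"
    exit $?
fi
```

Run it in the download directory from step 2 and continue to the tar step only on exit status 0.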