-----BEGIN PGP SIGNED MESSAGE----- ______________________________________________________________________________ Caldera Systems, Inc. Security Advisory Subject: several vulnerabilities in bind Advisory number: CSSA-1999-034.1 Issue date: 1999 November, 11 Last change: 1999 December, 11 Cross reference: ______________________________________________________________________________ 1. Problem Description Several vulnerabilities have been discovered in BIND, the DNS name server implementation maintained by the Internet Consortium, and shipped with OpenLinux. At least one of them, the so-called ``NXT bug,'' involves a buffer overflow that can possibly be used by a skilled attacker to execute arbitrary code with the privilege of the name server process. Five other bugs could be exploited by remote and local users to crash the name server. 2. Vulnerable Versions Systems : up to COL 2.3 Packages: up to bind-8.1.2-i386.rpm 3. Solutions Workaround: not known The proper solution is to upgrade to the latest packages rpm -U bind-8.2.2p4-1.i386.rpm rpm -U bind-utils-8.2.2p4-1.i386.rpm rpm -U bind-doc-8.2.2p4-1.i386.rpm As a matter of caution, we also suggest that you run the name server process under a non-root user ID. In case of future security holes in bind, this makes sure that remote attackers aren't immediately granted with root access. Be warned however that when running the name server process under a non-root uid it loses the ability to automatically re-bind itself when you change the address of a network interface, or create a new one. If you do that, you need to manually restart named in this case. Here's what to do: a. Create a new user and group named `bind'. Pick an unused user and group ID (on a normal OpenLinux installation, uid and gid 19 should be available). Run the following commands as super user, replacing and by the user and group IDs you selected: # groupadd -g bind # useradd -u -g -d / -s /bin/false bind b. Change the ownership of /var/named to bind.bind: # chown -R bind.bind /var/named c. Edit /etc/sysconfig/daemons/named. Replace the line OPTIONS="" with OPTIONS="-u bind" This makes sure that the name server process relinquishes root privilege after initialization. d. Stop and restart your name server: # /etc/rc.d/init.d/named stop # /etc/rc.d/init.d/named start Note that simply issuing /etc/rc.d/init.d/named restart will not be enough! 4. Location of Fixed Packages The upgrade packages can be found on Caldera's FTP site at: ftp://ftp.calderasystems.com/pub/OpenLinux/updates/2.3/current/RPMS/ The corresponding source code package can be found at: ftp://ftp.calderaystems.com/pub/OpenLinux/updates/2.3/current/SRPMS/ 5. Installing Fixed Packages Upgrade the affected packages with the following commands: rpm -U bind-8.2.2p4-1.i386.rpm rpm -U bind-utils-8.2.2p4-1.i386.rpm rpm -U bind-doc-8.2.2p4-1.i386.rpm 6. Verification 08f4bcc816d511f9d2e07e82d5bce1f3 RPMS/bind-8.2.2p4-1.i386.rpm 73233ce41d30d899bb7c8e1d10489a36 RPMS/bind-doc-8.2.2p4-1.i386.rpm 4e775a5fcb711829d51a826c1ae9d88d RPMS/bind-utils-8.2.2p4-1.i386.rpm f297b3dd9d12a1405c6f9ca0143694db SRPMS/bind-8.2.2p4-1.src.rpm 7. References This and other Caldera security resources are located at: http://www.calderasystems.com/support/security/index.html This security fix closes Caldera's internal Problem Report 5161. More information is available from the CERT advisory http://www.cert.org/advisories/CA-99-14-bind.html 8. Disclaimer Caldera Systems, Inc. is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of Caldera OpenLinux. ______________________________________________________________________________ -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: noconv iQCVAwUBOFKIs+n+9R4958LpAQE3AAP/VUQ6cuqJnq8lzH6rtFKhnWujtD7xcY2u beqWQmV3xbAEa42kbRJTe379VcN8Z2YI2F3scrXubiVywxPRhAgasLe8ekKmLuGe Cu9oJvifBoYZLc57J+TMXXb5/8MMN/rjew01Zk14c9w3S6NyKKV4RUb8BxVW2F+u Oa+2p5VvVYc= =e2Lv -----END PGP SIGNATURE-----