Date: Wed, 31 Jan 2001 10:26:49 -0700
From: Caldera Support Info <[email protected]>
To: [email protected]Subject: Security Advisory: BIND buffer overflow CSSA-2001-008.1
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
___________________________________________________________________________=
___
Caldera Systems, Inc. Security Advisory
Subject: BIND buffer overflow
Advisory number: CSSA-2001-008.1
Issue date: 2001 January, 29
Last change: 2001 January, 31
Cross reference:
___________________________________________________________________________=
___
1. Problem Description
Several security problems have been discovered in the most recent
versions of BINDv8 (8.2.2p7). One of them is a buffer overflow that
can potentially exploited to execute arbitrary code with the privilege
of the bind user.
If you do not run the BIND named server, you are not affected
by this problem.
2. Vulnerable Versions
System Package
-----------------------------------------------------------
OpenLinux 2.3 All packages previous to
bind-8.2.3
OpenLinux eServer 2.3.1 All packages previous to
and OpenLinux eBuilder bind-8.2.3
OpenLinux eDesktop 2.4 All packages previous to
bind-8.2.3
3. Solution
Workaround
none
The proper solution is to upgrade to the latest packages.
As a matter of caution, we also suggest that you run the name
server process under a non-root user ID. In case of future
security holes in bind, this makes sure that remote attackers
do not immediately obtain root access.
Be warned however that when running the name server process
under a non-root uid it loses the ability to automatically
re-bind itself when you change the address of a network
interface, or create a new one. If you do that, you need
to manually restart named in this case.
On eDesktop 2.4, named already runs under the "bind" account by
default; this is not the case on OpenLinux 2.3 and eServer 2.3.1,
however.
Here's what to do:
a. Create a new user and group named `bind'.
Pick an unused user and group ID (on a normal OpenLinux
installation, uid and gid 19 should be available).
Run the following commands as super user, replacing
<uid> and <gid> by the user and group IDs you selected:
# groupadd -g <gid> bind
# useradd -u <uid> -g <gid> -d / -s /bin/false bind
b. Change the ownership of /var/named to bind.bind:
# chown -R bind.bind /var/named
=09
c. Edit /etc/sysconfig/daemons/named. Replace the line
OPTIONS=3D""
with
OPTIONS=3D"-u bind"
This makes sure that the name server process relinquishes
root privilege after initialization.
d. Stop and restart your name server:
# /etc/rc.d/init.d/named stop
# /etc/rc.d/init.d/named start
Note that simply issuing /etc/rc.d/init.d/named restart
will not be enough!
4. OpenLinux 2.3
4.1 Location of Fixed Packages
The upgrade packages can be found on Caldera's FTP site at:
=20
ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/RPMS/
The corresponding source code package can be found at:
ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/SRPMS
4.2 Verification
01f9c6b514ab5aa70c3fe200c0c97243 RPMS/bind-8.2.3-1.i386.rpm
89ed56545ee05e8adf81775b2754afd0 RPMS/bind-doc-8.2.3-1.i386.rpm
41b9707056286325f4da4f45c0547b27 RPMS/bind-utils-8.2.3-1.i386.rpm
9ae6f304f9dd7a63aa291ed143fa4035 SRPMS/bind-8.2.3-1.src.rpm
4.3 Installing Fixed Packages
Upgrade the affected packages with the following commands:
rpm -Fhv bind-*i386.rpm
/etc/rc.d/init.d/named stop
/etc/rc.d/init.d/named start
5. OpenLinux eServer 2.3.1 and OpenLinux eBuilder for ECential 3.0
5.1 Location of Fixed Packages
The upgrade packages can be found on Caldera's FTP site at:
ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/RPMS/
The corresponding source code package can be found at:
ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/SRPMS
5.2 Verification
acd707632ae0e33432b5d37862265517 RPMS/bind-8.2.3-1.i386.rpm
679d55e150b0bc8de0828db076e8594b RPMS/bind-doc-8.2.3-1.i386.rpm
a2b1b9764e884f4b1ed2b77e222a6755 RPMS/bind-utils-8.2.3-1.i386.rpm
9ae6f304f9dd7a63aa291ed143fa4035 SRPMS/bind-8.2.3-1.src.rpm
5.3 Installing Fixed Packages
Upgrade the affected packages with the following commands:
rpm -Fvh bind-*i386.rpm
/etc/rc.d/init.d/named stop
/etc/rc.d/init.d/named start
6. OpenLinux eDesktop 2.4
6.1 Location of Fixed Packages
The upgrade packages can be found on Caldera's FTP site at:
ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/RPMS/
The corresponding source code package can be found at:
ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/SRPMS
6.2 Verification
f454346c9bf531d6e9aa014d2be93e99 RPMS/bind-8.2.3-1.i386.rpm
33a4e0f2ff622ea60e920c189b48af00 RPMS/bind-doc-8.2.3-1.i386.rpm
a786125567471a7bd42544e104977d15 RPMS/bind-utils-8.2.3-1.i386.rpm
9ae6f304f9dd7a63aa291ed143fa4035 SRPMS/bind-8.2.3-1.src.rpm
6.3 Installing Fixed Packages
Upgrade the affected packages with the following commands:
rpm -Fvh bind-*i386.rpm
/etc/rc.d/init.d/named stop
/etc/rc.d/init.d/named start
7. References
This and other Caldera security resources are located at:
http://www.calderasystems.com/support/security/index.html
Additional information on this bug can be found at
http://www.cert.org/advisories/CA-2001-02.html
This security fix closes Caldera's internal Problem Report 8942.
8. Disclaimer
Caldera Systems, Inc. is not responsible for the misuse of any of the
information we provide on this website and/or through our security
advisories. Our advisories are a service to our customers intended to
promote secure installation and use of Caldera OpenLinux.
___________________________________________________________________________=
___
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE6d+3l18sy83A/qfwRAjDSAJ9t7R8OiGb95t+DEsHUAW628jt7SgCeK1uB
5bK+TyAtICtvl/D84AnCz40=3D
=3DRkYp
-----END PGP SIGNATURE-----
=00