-----BEGIN PGP SIGNED MESSAGE----- ______________________________________________________________________________ Caldera Systems, Inc. Security Advisory Subject: several vulnerabilities in bind Advisory number: CSSA-1999-034.0 Issue date: 1999 November, 11 Cross reference: ______________________________________________________________________________ 1. Problem Description Several vulnerabilities have been discovered in BIND, the DNS name server implementation maintained by the Internet Consortium, and shipped with OpenLinux. At least one of them, the so-called ``NXT bug,'' involves a buffer overflow that can possibly be used by a skilled attacker to execute arbitrary code with the privilege of the name server process. Five other bugs could be exploited by remote and local users to crash the name server. 2. Vulnerable Versions Systems : up to COL 2.3 Packages: up to bind-8.1.2-i386.rpm 3. Solutions Workaround: not known The proper solution is to upgrade to the latest packages rpm -U bind-8.2.2p3-1.i386.rpm rpm -U bind-utils-8.2.2p3-1.i386.rpm rpm -U bind-doc-8.2.2p3-1.i386.rpm As a matter of caution, we also suggest that you run the name server process under a non-root user ID. In case of future security holes in bind, this makes sure that remote attackers aren't immediately granted with root access. Be warned however that when running the name server process under a non-root uid it loses the ability to automatically re-bind itself when you change the address of a network interface, or create a new one. If you do that, you need to manually restart named in this case. Here's what to do: a. Create a new user and group named `bind'. Pick an unused user and group ID (on a normal OpenLinux installation, uid and gid 19 should be available). Run the following commands as super user, replacing and by the user and group IDs you selected: # groupadd -g bind # useradd -u -g -d / -s /bin/false bind b. Change the ownership of /var/named to bind.bind: # chown -R bind.bind /var/named c. Edit /etc/sysconfig/daemons/named. Replace the line OPTIONS="" with OPTIONS="-u bind" This makes sure that the name server process relinquishes root privilege after initialization. d. Stop and restart your name server: # /etc/rc.d/init.d/named stop # /etc/rc.d/init.d/named start Note that simply issuing /etc/rc.d/init.d/named restart will not be enough! 4. Location of Fixed Packages The upgrade packages can be found on Caldera's FTP site at: ftp://ftp.calderasystems.com/pub/OpenLinux/updates/2.3/current/RPMS/ The corresponding source code package can be found at: ftp://ftp.calderaystems.com/pub/OpenLinux/updates/2.3/current/SRPMS/ 5. Installing Fixed Packages Upgrade the affected packages with the following commands: rpm -U bind-8.2.2p3-1.i386.rpm rpm -U bind-utils-8.2.2p3-1.i386.rpm rpm -U bind-doc-8.2.2p3-1.i386.rpm 6. Verification db1dda05dbe0f67c2bd2e5049096b42c RPMS/bind-8.2.2p3-1.i386.rpm 82bbe025ac091831904c71c885071db1 RPMS/bind-doc-8.2.2p3-1.i386.rpm 2f9a30444046af551eafd8e6238a50c6 RPMS/bind-utils-8.2.2p3-1.i386.rpm 0e4f041549bdd798cb505c82a8911198 SRPMS/bind-8.2.2p3-1.src.rpm 7. References This and other Caldera security resources are located at: http://www.calderasystems.com/support/security/index.html This security fix closes Caldera's internal Problem Report 5161. More information is available from the CERT advisory http://www.cert.org/advisories/CA-99-14-bind.html 8. Disclaimer Caldera Systems, Inc. is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of Caldera OpenLinux. ______________________________________________________________________________ -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: noconv iQCVAwUBOCp+Jen+9R4958LpAQGDcgP/YAMmD8SmMf1/2AN1+VoMKJXbwPo/WzrP NCFrjac8764Ruofho8h9m+R0Ricg9vZlsCoB2GNzJhsR50wTEya986I+L7jolsdy BR19QI6AUWyZg7pfrnWnFSbj3FZmy7Ttg0Z+NWv8zRVIZSaB52G67I7+V5tjBw8t Cfg01Yl1ZEc= =8VVq -----END PGP SIGNATURE-----