
buffer overflow in multiple DNS resolver libraries - Caldera Advisory CSSA-2002-034.0

To: bugtraq@securityfocus.com announce@lists.caldera.com security-alerts@linuxsecurity.com full-disclosure@lists.netsys.com

______________________________________________________________________________

		Caldera International, Inc.  Security Advisory

Subject:		Linux: buffer overflow in multiple DNS resolver libraries
Advisory number: 	CSSA-2002-034.0
Issue date: 		2002 August 05
Cross reference:
______________________________________________________________________________


1. Problem Description

	From CERT CA-2002-19: A buffer overflow vulnerability exists in
	multiple implementations of DNS resolver libraries. Operating
	systems and applications that utilize vulnerable DNS resolver
	libraries may be affected. A remote attacker who is able to
	send malicious DNS responses could potentially exploit this
	vulnerability to execute arbitrary code or cause a denial of
	service on a vulnerable system.


2. Vulnerable Supported Versions

	System				Package
	----------------------------------------------------------------------

	OpenLinux 3.1.1 Server		prior to bind-8.3.3-1.i386.rpm
					prior to bind-doc-8.3.3-1.i386.rpm
					prior to bind-utils-8.3.3-1.i386.rpm
					prior to glibc-2.2.4-23.i386.rpm
					prior to glibc-devel-2.2.4-23.i386.rpm
					prior to glibc-devel-static-2.2.4-23.i386.rpm
					prior to glibc-localedata-2.2.4-23.i386.rpm
					prior to nscd-2.2.4-23.i386.rpm

	OpenLinux 3.1.1 Workstation	prior to bind-8.3.3-1.i386.rpm
					prior to bind-doc-8.3.3-1.i386.rpm
					prior to bind-utils-8.3.3-1.i386.rpm
					prior to glibc-2.2.4-23.i386.rpm
					prior to glibc-devel-2.2.4-23.i386.rpm
					prior to glibc-devel-static-2.2.4-23.i386.rpm
					prior to glibc-localedata-2.2.4-23.i386.rpm
					prior to nscd-2.2.4-23.i386.rpm

	OpenLinux 3.1 Server		prior to bind-8.3.3-1.i386.rpm
					prior to bind-doc-8.3.3-1.i386.rpm
					prior to bind-utils-8.3.3-1.i386.rpm
					prior to glibc-2.2.4-23.i386.rpm
					prior to glibc-devel-2.2.4-23.i386.rpm
					prior to glibc-devel-static-2.2.4-23.i386.rpm
					prior to glibc-localedata-2.2.4-23.i386.rpm
					prior to nscd-2.2.4-23.i386.rpm

	OpenLinux 3.1 Workstation	prior to bind-8.3.3-1.i386.rpm
					prior to bind-doc-8.3.3-1.i386.rpm
					prior to bind-utils-8.3.3-1.i386.rpm
					prior to glibc-2.2.4-23.i386.rpm
					prior to glibc-devel-2.2.4-23.i386.rpm
					prior to glibc-devel-static-2.2.4-23.i386.rpm
					prior to glibc-localedata-2.2.4-23.i386.rpm
					prior to nscd-2.2.4-23.i386.rpm


3. Solution

	The proper solution is to install the latest packages. Many
	customers find it easier to use the Caldera System Updater, called
	cupdate (or kcupdate under the KDE environment), to update these
	packages rather than downloading and installing them by hand.


4. OpenLinux 3.1.1 Server

	4.1 Package Location

	ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-034.0/RPMS

	4.2 Packages

	c4175dab7596a7e20540b548a9245351	bind-8.3.3-1.i386.rpm
	0492168645952a0c3331a8550a955b98	bind-doc-8.3.3-1.i386.rpm
	bb21f7d71544b7d30a45ad052a16f61b	bind-utils-8.3.3-1.i386.rpm
	3981b760212d84b07f3ada0b6f640ae7	glibc-2.2.4-23.i386.rpm
	34b1f56b27e5e561d378382a3b540092	glibc-devel-2.2.4-23.i386.rpm
	31a1148ed101aa8dcf345e7f68806db2	glibc-devel-static-2.2.4-23.i386.rpm
	999e375c52f236b7ce9a79311228568a	glibc-localedata-2.2.4-23.i386.rpm
	828c32ab1d920faa3cbca27b47a9ce04	nscd-2.2.4-23.i386.rpm

	4.3 Installation

	rpm -Fvh bind-8.3.3-1.i386.rpm
	rpm -Fvh bind-doc-8.3.3-1.i386.rpm
	rpm -Fvh bind-utils-8.3.3-1.i386.rpm
	rpm -Fvh glibc-2.2.4-23.i386.rpm
	rpm -Fvh glibc-devel-2.2.4-23.i386.rpm
	rpm -Fvh glibc-devel-static-2.2.4-23.i386.rpm
	rpm -Fvh glibc-localedata-2.2.4-23.i386.rpm
	rpm -Fvh nscd-2.2.4-23.i386.rpm

	4.4 Source Package Location

	ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-034.0/SRPMS

	4.5 Source Packages

	2c0e5c37e7ce156e2248e9fffaa8406c	bind-8.3.3-1.src.rpm
	d7c443043599d74ab3ea924d0059780f	glibc-2.2.4-23.src.rpm


5. OpenLinux 3.1.1 Workstation

	5.1 Package Location

	ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-034.0/RPMS

	5.2 Packages

	63aa5ba585097c12a57a095aee7c1581	bind-8.3.3-1.i386.rpm
	85f08cbe9ac9b76bca6ca701e57c0a88	bind-doc-8.3.3-1.i386.rpm
	c09ace86a9e096024cb97aad1e253531	bind-utils-8.3.3-1.i386.rpm
	cf8a07b46703849238b53e3af6b5b310	glibc-2.2.4-23.i386.rpm
	0b4bf6623ff5fb5c6ff4bcecb11ede9d	glibc-devel-2.2.4-23.i386.rpm
	d575040e3b46515862cab4650925cebf	glibc-devel-static-2.2.4-23.i386.rpm
	59b8dda119b518e084575228fd24e919	glibc-localedata-2.2.4-23.i386.rpm
	599720843db585f011d586fa5029e7c7	nscd-2.2.4-23.i386.rpm

	5.3 Installation

	rpm -Fvh bind-8.3.3-1.i386.rpm
	rpm -Fvh bind-doc-8.3.3-1.i386.rpm
	rpm -Fvh bind-utils-8.3.3-1.i386.rpm
	rpm -Fvh glibc-2.2.4-23.i386.rpm
	rpm -Fvh glibc-devel-2.2.4-23.i386.rpm
	rpm -Fvh glibc-devel-static-2.2.4-23.i386.rpm
	rpm -Fvh glibc-localedata-2.2.4-23.i386.rpm
	rpm -Fvh nscd-2.2.4-23.i386.rpm

	5.4 Source Package Location

	ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-034.0/SRPMS

	5.5 Source Packages

	c7987406a635360bb39246e9bc850700	bind-8.3.3-1.src.rpm
	c63a0354b4bc9e5c35936f985d8a3371	glibc-2.2.4-23.src.rpm


6. OpenLinux 3.1 Server

	6.1 Package Location

	ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-034.0/RPMS

	6.2 Packages

	97310a145a1fac4fffc960feab323cc4	bind-8.3.3-1.i386.rpm
	8a0d3c316ec29647540aa2a0b6792dfc	bind-doc-8.3.3-1.i386.rpm
	962f50faaa4b324c95c82be85bdf711c	bind-utils-8.3.3-1.i386.rpm
	ae5ac1338fd90a7e65ccd0fa707d55e3	glibc-2.2.4-23.i386.rpm
	2272829001ba8dba6fe5b0d27b323c2e	glibc-devel-2.2.4-23.i386.rpm
	ea1a88d622b7bad0daa6f5840cf1a650	glibc-devel-static-2.2.4-23.i386.rpm
	3a60a419bc4cb8794057c2ae832c1132	glibc-localedata-2.2.4-23.i386.rpm
	497f26a658aa9a23f26bdcacfbf6c311	nscd-2.2.4-23.i386.rpm

	6.3 Installation

	rpm -Fvh bind-8.3.3-1.i386.rpm
	rpm -Fvh bind-doc-8.3.3-1.i386.rpm
	rpm -Fvh bind-utils-8.3.3-1.i386.rpm
	rpm -Fvh glibc-2.2.4-23.i386.rpm
	rpm -Fvh glibc-devel-2.2.4-23.i386.rpm
	rpm -Fvh glibc-devel-static-2.2.4-23.i386.rpm
	rpm -Fvh glibc-localedata-2.2.4-23.i386.rpm
	rpm -Fvh nscd-2.2.4-23.i386.rpm

	6.4 Source Package Location

	ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-034.0/SRPMS

	6.5 Source Packages

	1d49abc211068aedd550d8b82837c6c4	bind-8.3.3-1.src.rpm
	5b62e0ab7c60bb875147c521346fac38	glibc-2.2.4-23.src.rpm


7. OpenLinux 3.1 Workstation

	7.1 Package Location

	ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-034.0/RPMS

	7.2 Packages

	06f426cfbffc0282216aedab4c235abb	bind-8.3.3-1.i386.rpm
	a069730960a6b3bb19aacfaa020f1625	bind-doc-8.3.3-1.i386.rpm
	9a6a47c0040f3fdf89885d4f7b95fd32	bind-utils-8.3.3-1.i386.rpm
	a75a8f74a263b5290f697609439084cf	glibc-2.2.4-23.i386.rpm
	d2d21d81306a12da7cbea0d63fb3768f	glibc-devel-2.2.4-23.i386.rpm
	ea496ffd59c1db465b49231988e74156	glibc-devel-static-2.2.4-23.i386.rpm
	e6b63ab2513a276594769323c3083ca7	glibc-localedata-2.2.4-23.i386.rpm
	d09a9fb83215cd78d055fa09eaac508d	nscd-2.2.4-23.i386.rpm

	7.3 Installation

	rpm -Fvh bind-8.3.3-1.i386.rpm
	rpm -Fvh bind-doc-8.3.3-1.i386.rpm
	rpm -Fvh bind-utils-8.3.3-1.i386.rpm
	rpm -Fvh glibc-2.2.4-23.i386.rpm
	rpm -Fvh glibc-devel-2.2.4-23.i386.rpm
	rpm -Fvh glibc-devel-static-2.2.4-23.i386.rpm
	rpm -Fvh glibc-localedata-2.2.4-23.i386.rpm
	rpm -Fvh nscd-2.2.4-23.i386.rpm

	7.4 Source Package Location

	ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-034.0/SRPMS

	7.5 Source Packages

	96f2c68732c563df08a69f14fbb9ecdb	bind-8.3.3-1.src.rpm
	3f38eb5c48d593509cc9156f61651fba	glibc-2.2.4-23.src.rpm
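
	The checksum lists in sections 4 to 7 can be checked mechanically
	before the rpm -Fvh commands are run. The script below is an added
	example, not part of the Caldera advisory; it assumes the
	32-hex-digit values are MD5 digests, and verify_manifest, demo,
	packages.txt and the pkg-a/pkg-b files are names made up for it.

```shell
#!/bin/sh
# Added example: verify downloads against an advisory-style package list
# (lines of "<checksum> <filename>") before anything is installed.
# Assumption: the 32-hex-digit values are MD5 digests, so md5sum is used.

# verify_manifest LIST DIR -> 0 only if every listed file is present in DIR
# and matches its checksum; an empty list also counts as a failure.
verify_manifest() {
    manifest=$1 dir=$2 bad=0 seen=0
    while read -r want name || [ -n "$want" ]; do
        [ -n "$name" ] || continue                 # skip blank lines
        seen=$((seen + 1))
        case $name in                              # names only, no paths
            */*) echo "REJECT  $name"; bad=$((bad + 1)); continue ;;
        esac
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING $name"; bad=$((bad + 1)); continue
        fi
        got=$(md5sum < "$dir/$name" | cut -d' ' -f1)
        if [ "$got" = "$want" ]; then
            echo "OK      $name"
        else
            echo "BAD     $name"; bad=$((bad + 1))
        fi
    done < "$manifest"
    [ "$seen" -gt 0 ] && [ "$bad" -eq 0 ]
}

# Constructed demo: two stand-in files (not real RPMs) and a list built from
# them in the advisory's tab-indented layout; the second file is then altered.
demo() {
    tmp=$(mktemp -d) || return 2
    printf 'constructed package A\n' > "$tmp/pkg-a-1.0-1.i386.rpm"
    printf 'constructed package B\n' > "$tmp/pkg-b-1.0-1.i386.rpm"
    for f in pkg-a-1.0-1.i386.rpm pkg-b-1.0-1.i386.rpm; do
        printf '\t%s\t%s\n' "$(md5sum < "$tmp/$f" | cut -d' ' -f1)" "$f"
    done > "$tmp/list.txt"
    verify_manifest "$tmp/list.txt" "$tmp" && clean=0 || clean=1
    printf 'tampered\n' >> "$tmp/pkg-b-1.0-1.i386.rpm"
    verify_manifest "$tmp/list.txt" "$tmp" && tampered=0 || tampered=1
    rm -rf "$tmp"
    echo "clean=$clean tampered=$tampered"
}

# Real use, with one section's Packages list saved as packages.txt (assumed name):
#   verify_manifest packages.txt . && rpm -Fvh ./*.rpm
demo
```

	A match shows the download is the file the list describes; it is
	only as trustworthy as the copy of the advisory the list came from,
	and MD5 is no longer collision resistant.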


8. References

	Specific references for this advisory:

		http://www.cert.org/advisories/CA-2002-19.html
		http://www.kb.cert.org/vuls/id/803539
		http://www.kb.cert.org/vuls/id/542971
		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0651
		http://www.isc.org/products/BIND/bind-security.html

	Caldera security resources:

		http://www.caldera.com/support/security/index.html

	This security fix closes Caldera incidents sr866552, fz521492,
	erg501623.


9. Disclaimer

	Caldera International, Inc. is not responsible for the misuse
	of any of the information we provide on this website and/or
	through our security advisories. Our advisories are a service
	to our customers intended to promote secure installation and
	use of Caldera products.


10. Acknowledgements

	Caldera wishes to thank the CERT Coordination Center, Joost
	Pol of PINE-CERT, the FreeBSD Project, and the NetBSD Project
	for information used in this document.
