Conectiva Linux Advisory: bind Date: Thursday, June 06 2002 Topic: Security Conectiva Linux Advisory: bind DESCRIPTION "bind" is a name server (DNS) developed by the ISC and used in many internet and intranet sites. ISC (Internet Software Consortium) reported a remote denial of service vulnerability[2] in the BIND[1] server. A remote attacker can exploit this problem and shut down the name server. This vulnerability only affects the 9.x versions of the server and has no other consequence besides shutting down the service. An indication that the service has been shut down due to this problem are the following messages in the system log (/var/log/messages): named: message.c:808: REQUIRE(*rdataset == ((void *)0)) failed named: exiting (due to assertion failure) Please note that regular DNS traffic could also accidentally trigger this problem. ISC has released BIND version 9.2.1 to address this vulnerability. SOLUTION It is recommended that all bind users upgrade their packages. The "named" service will be automatically restarted if it was already running before the upgrade. REFERENCES 1. http://www.isc.org/products/BIND/bind9.html 2. http://www.kb.cert.org/vuls/id/739123 3. http://www.cert.org/advisories/CA-2002-15.html 4. http://www.isc.org/products/BIND/bind-security.html DIRECT DOWNLOAD LINKS TO THE UPDATED PACKAGES ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/bind-9.2.1-1U70_2cl.src.rpm ftp://atualizacoes.conectiva.com.br/7.0/RPMS/bind-9.2.1-1U70_2cl.i386.rpm ftp://atualizacoes.conectiva.com.br/7.0/RPMS/bind-chroot-9.2.1-1U70_2cl.i386.rpm ftp://atualizacoes.conectiva.com.br/7.0/RPMS/bind-devel-9.2.1-1U70_2cl.i386.rpm ftp://atualizacoes.conectiva.com.br/7.0/RPMS/bind-devel-static-9.2.1-1U70_2cl.i386.rpm ftp://atualizacoes.conectiva.com.br/7.0/RPMS/bind-doc-9.2.1-1U70_2cl.i386.rpm ftp://atualizacoes.conectiva.com.br/7.0/RPMS/bind-utils-9.2.1-1U70_2cl.i386.rpm ftp://atualizacoes.conectiva.com.br/8/SRPMS/bind-9.2.1-1U8_1cl.src.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/bind-9.2.1-1U8_1cl.i386.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/bind-chroot-9.2.1-1U8_1cl.i386.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/bind-devel-9.2.1-1U8_1cl.i386.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/bind-devel-static-9.2.1-1U8_1cl.i386.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/bind-doc-9.2.1-1U8_1cl.i386.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/bind-libs-9.2.1-1U8_1cl.i386.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/bind-utils-9.2.1-1U8_1cl.i386.rpm ADDITIONAL INSTRUCTIONS Users of Conectiva Linux version 6.0 or higher may use apt to perform upgrades of RPM packages: - add the following line to /etc/apt/sources.list if it is not there yet    (you may also use linuxconf to do this): rpm [cncbr] ftp://atualizacoes.conectiva.com.br 6.0/conectiva updates (replace 6.0 with the correct version number if you are not running CL6.0) - run:                 apt-get update - after that, execute: apt-get upgrade Detailed instructions reagarding the use of apt and upgrade examples can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en This article comes from osforge.com http://www.osforge.com The URL for this story is: http://www.osforge.com/news/00797.html