From: securitycaldera.com
Date: Mon Jun 10 2002 - 17:31:35 CDT

    To: bugtraqsecurityfocus.com announcelists.caldera.com scoannmodxenitec.on.ca

    ______________________________________________________________________________

                    Caldera International, Inc. Security Advisory

    Subject: Open UNIX 8.0.0 : BIND 9 Denial-of-Service vulnerability
    Advisory number: CSSA-2002-SCO.24
    Issue date: 2002 June 10
    Cross reference:
    ______________________________________________________________________________

    1. Problem Description

            An assertion failure in BIND version 9 can be triggered by
            certain responses, leading to a denial of service attack.
            This security fix updates BIND to version 9.2.1.

    2. Vulnerable Supported Versions

            System                          Binaries
            ----------------------------------------------------------------------
            Open UNIX 8.0.0                 /usr/sbin/dig
                                            /usr/sbin/dnssec-keygen
                                            /usr/sbin/dnssec-makekeyset
                                            /usr/sbin/dnssec-signkey
                                            /usr/sbin/dnssec-signzone
                                            /usr/sbin/host
                                            /usr/sbin/in.named
                                            /usr/sbin/named-checkconf
                                            /usr/sbin/named-checkzone
                                            /usr/sbin/ndc
                                            /usr/sbin/nslookup
                                            /usr/sbin/nsupdate
                                            /usr/sbin/rndc

    3. Solution

            The proper solution is to install the latest packages.

    4. Open UNIX 8.0.0

            4.1 Location of Fixed Binaries

            ftp://ftp.caldera.com/pub/updates/OpenUNIX/CSSA-2002-SCO.24

            4.2 Verification

            MD5 (erg712061.pkg.Z) = 14427a77db777d8d630ca906b27d7582

            md5 is available for download from
                    ftp://ftp.caldera.com/pub/security/tools

            4.3 Installing Fixed Binaries

            Download erg712061.pkg.Z to the /var/spool/pkg directory,
            then upgrade the affected binaries with the following
            commands:

            # uncompress /var/spool/pkg/erg712061.pkg.Z
            # pkgadd -d /var/spool/pkg/erg712061.pkg

    5. References

            Specific references for this advisory:
                    http://www.kb.cert.org/vuls/id/739123
                    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0400

            Caldera security resources:
                    http://www.caldera.com/support/security/index.html

            This security fix closes Caldera incidents sr865147, fz521091
            and erg712061.

    6. Disclaimer

            Caldera International, Inc. is not responsible for the
            misuse of any of the information we provide on this website
            and/or through our security advisories. Our advisories are
            a service to our customers intended to promote secure
            installation and use of Caldera products.

    7. Acknowledgements

            The Internet Software Consortium discovered and researched
            this vulnerability.

    ______________________________________________________________________________

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.0.6 (SCO_SV)
    Comment: For info see http://www.gnupg.org

    iEYEARECAAYFAj0FKMcACgkQaqoBO7ipriFQfwCaAxxlYE7AI1AxMs1TItcvgCMN
    sUcAoKBT1IdsvakR8p4OchbfCoB6Agyc
    =vu+s
    -----END PGP SIGNATURE-----
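
The verification and install steps in sections 4.2 and 4.3, combined so that the package is only unpacked when its digest matches the advisory. This is an added example, not part of Caldera's advisory; the function names are hypothetical, and it assumes one of md5sum, openssl or a BSD-style md5 tool is on the PATH.

```shell
#!/bin/sh
# Added example: check a downloaded update against the "MD5 (file) = digest"
# line from an advisory before unpacking or installing it.
# The digest line used in install_update is copied from section 4.2.

# Print the lowercase hex MD5 of a file using whichever tool is present
# (assumption: md5sum, openssl or BSD-style md5 is installed).
md5_of() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | awk '{print $1}'
    elif command -v openssl >/dev/null 2>&1; then
        openssl md5 "$1" | awk '{print $NF}'
    else
        md5 "$1" | awk '{print $NF}'
    fi | tr 'A-F' 'a-f'
}

# verify_pkg FILE 'MD5 (name) = hex'
# Returns 0 on match, 1 on wrong file or digest, 2 on unusable input.
verify_pkg() {
    file=$1 line=$2
    pat='^ *MD5 (\(.*\)) = \([0-9A-Fa-f]\{32\}\) *$'
    name=$(printf '%s\n' "$line" | sed -n "s/$pat/\1/p")
    want=$(printf '%s\n' "$line" | sed -n "s/$pat/\2/p" | tr 'A-F' 'a-f')
    [ -n "$name" ] && [ -n "$want" ] || { echo "malformed digest line" >&2; return 2; }
    [ -f "$file" ] || { echo "$file: not found" >&2; return 2; }
    [ "$(basename "$file")" = "$name" ] || { echo "digest line is for $name" >&2; return 1; }
    got=$(md5_of "$file")
    [ "$got" = "$want" ] || { echo "$file: MD5 mismatch (got $got)" >&2; return 1; }
    echo "$file: OK"
}

# Install commands from section 4.3, run only after the digest check passes.
install_update() {
    pkgz=/var/spool/pkg/erg712061.pkg.Z
    verify_pkg "$pkgz" 'MD5 (erg712061.pkg.Z) = 14427a77db777d8d630ca906b27d7582' || return 1
    uncompress "$pkgz" && pkgadd -d "${pkgz%.Z}"
}

# Run as root with the argument "install" to perform the upgrade.
if [ "${1:-}" = install ]; then
    install_update
fi
```

The digest check only ties the file to the text of the advisory; the authenticity of that text rests on the PGP signature the advisory carries.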