[ advisories | exploits | discussions | news | conventions | security tools | texts & papers ]
 main menu
- feedback
- advertising
- privacy
- FightAIDS
- newsletter
- news
 
 discussions
- read forum
- new topic
- search
 

 meetings
- meetings list
- recent additions
- add your info
 
 top 100 sites
- visit top sites
- sign up now
- members
 
 webmasters

- add your url
- add domain
- search box
- link to us

 
 projects
- our projects
- free email
 
 m4d network
- security software
- secureroot
- m4d.com
Home : Advisories : DoS attack against named

Title: DoS attack against named
Released by: Caldera
Date: 10th November 2000
Printable version: Click here
-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1



______________________________________________________________________________

   Caldera Systems, Inc.  Security Advisory



Subject: DoS attack against named

Advisory number: CSSA-2000-040.0

Issue date: 2000 November, 10

Cross reference:

______________________________________________________________________________





1. Problem Description



   There's a bug in named's handling of compressed zone transfers

   (ZXFR) that causes it to crash under certain circumstances.

   At the very least, this is a denial of service attack. As the

   bug is still being investigated, it cannot be ruled out that

   this bug has a more severe security impact.



   This bug affects you _only_ if you are running named, and act

   as the primary name server for one or more zones. If does not

   affect you if you merely run named in forwarding mode.



2. Vulnerable Versions



   System                       Package

   -----------------------------------------------------------

   OpenLinux Desktop 2.3        All packages previous to

   bind-8.2.2p7-1



   OpenLinux eServer 2.3        All packages previous to

   and OpenLinux eBuilder       bind-8.2.2p7-1



   OpenLinux eDesktop 2.4 All packages previous to

                                bind-8.2.2p7-1



3. Solution



   Workaround:



   As a minimum, you should restrict zone transfers to those hosts

   that actually act as your secondary name servers. You can

   do this by adding an "allow-transfer" statement to each zone

   you act as a primary for. For instance,



       zone "foobar.com" {

           type            master;

           file            "foobar.com";

           allow-transfer  { 192.168.1.1; 192.168.3.17 };

       }



   This will not completely protect you from the ZXFR attack,

   but now the only sites able to perform it are those listed

   in the allow-transfer clause.



4. OpenLinux Desktop 2.3



   4.1 Location of Fixed Packages



       The upgrade packages can be found on Caldera's FTP site at:



       http://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/RPMS/



       The corresponding source code package can be found at:



       http://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/SRPMS



   4.2 Verification



       9d8429f25c5fb3bebe2d66b1f9321e61  RPMS/bind-8.2.2p7-1.i386.rpm

       0e958eb01f40826f000d779dbe6b8cb3  RPMS/bind-doc-8.2.2p7-1.i386.rpm

       866ff74c77e9c04a6abcddcc11dbe17b  RPMS/bind-utils-8.2.2p7-1.i386.rpm

       6a545924805effbef01de74e34ba005e  SRPMS/bind-8.2.2p7-1.src.rpm



   4.3 Installing Fixed Packages



       Upgrade the affected packages with the following commands:



  rpm -Fhv bind-*.i386.rpm



5. OpenLinux eServer 2.3 and OpenLinux eBuilder for ECential 3.0



   5.1 Location of Fixed Packages



       The upgrade packages can be found on Caldera's FTP site at:



       http://ftp.calderasystems.com/pub/updates/eServer/2.3/current/RPMS/



       The corresponding source code package can be found at:



       http://ftp.calderasystems.com/pub/updates/eServer/2.3/current/SRPMS



   5.2 Verification



       379c4328604b4491a8f3d0de44e42347  RPMS/bind-8.2.2p7-1.i386.rpm

       b428b824c8b67f2d8d4bf53738a3e7e0  RPMS/bind-doc-8.2.2p7-1.i386.rpm

       28311d630281976a870d38abe91f07fb  RPMS/bind-utils-8.2.2p7-1.i386.rpm

       6a545924805effbef01de74e34ba005e  SRPMS/bind-8.2.2p7-1.src.rpm



   5.3 Installing Fixed Packages



       Upgrade the affected packages with the following commands:



  rpm -Fhv bind-*.i386.rpm



6. OpenLinux eDesktop 2.4



   6.1 Location of Fixed Packages



       The upgrade packages can be found on Caldera's FTP site at:



       http://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/RPMS/



       The corresponding source code package can be found at:



       http://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/SRPMS



   6.2 Verification



       c37b6673cc9539e592013ac114846940  RPMS/bind-8.2.2p7-1.i386.rpm

       bbe0d7e317fde0d47cba1384f6d4b635  RPMS/bind-doc-8.2.2p7-1.i386.rpm

       5c28dd5641a4550c03e9859d945a806e  RPMS/bind-utils-8.2.2p7-1.i386.rpm

       6a545924805effbef01de74e34ba005e  SRPMS/bind-8.2.2p7-1.src.rpm



   6.3 Installing Fixed Packages



       Upgrade the affected packages with the following commands:



  rpm -Fhv bind-*.i386.rpm



7. References



   This and other Caldera security resources are located at:



   http://www.calderasystems.com/support/security/index.html



   This security fix closes Caldera's internal Problem Report 8230.



8. Disclaimer



   Caldera Systems, Inc. is not responsible for the misuse of any of the

   information we provide on this website and/or through our security

   advisories. Our advisories are a service to our customers intended to

   promote secure installation and use of Caldera OpenLinux.



______________________________________________________________________________

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1.0.4 (GNU/Linux)

Comment: For info see http://www.gnupg.org



iD8DBQE6DAn118sy83A/qfwRAiiBAKC/0WNCkfDJoHDjfuMgY1mQFWZ4awCgisAp

dhuUp0QpTBKLAN15sdIadPE=

=3IEb

-----END PGP SIGNATURE-----








(C) 1999-2000 All rights reserved.