__________________________________________________________
The U.S. Department of Energy
Computer Incident Advisory Capability
___ __ __ _ ___
/ | /_\ /
\___ __|__ / \ \___
__________________________________________________________
INFORMATION BULLETIN
Bind Security Update
[Red Hat RHSA-2007:0057-3]
March 15, 2007 19:00 GMT Number R-178
[REVISED 22 June 2007]
[REVISED 25 June 2007]
______________________________________________________________________________
PROBLEM: A flaw was found in the way BIND processed certain DNS query
responses.
PLATFORM: Red Hat Desktop Workstation (v. 5 client)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
HP Tru64 UNIX v 5.1B-4, v 5.1B-3 (SSL and BIND)
HP Tru64 UNIX v 5.1A PK6, v 4.0G PK4, v 4.0F PK8 (BIND)
Internet Express (IX) v 6.6 BIND (BIND)
HP Insight Management Agents for Tru64 UNIX patch v 3.5.2 and
earlier (SSL)
Solaris 10 Operating System
DAMAGE: Could allow a remote attacker to cause a denial of service.
SOLUTION: Upgrade to the appropriate version.
______________________________________________________________________________
VULNERABILITY The risk is MEDIUM. Could allow a remote attacker to cause a
ASSESSMENT: denial of service.
______________________________________________________________________________
LINKS:
CIAC BULLETIN: http://www.ciac.org/ciac/bulletins/r-178.shtml
ORIGINAL BULLETIN: https://rhn.redhat.com/errata/RHSA-2007-0057.html
ADDITIONAL LINKS: Visit Hewlett-Packard's Subscription Service for:
HPSBTU02207 SSRT061213, SSRT061239, SSRT071304 rev. 1
Sun Alert ID: 102969
http://www.sunsolve.sun.com/search/document.do?assetkey=1-26-102969-1
CVE: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=
CVE-2007-0493 CVE-2007-0494
______________________________________________________________________________
REVISION HISTORY:
04/19/2007 - revised R-178 to add a link to Hewlett-Packards Subscription
Service for HPSBTU02207 SSRT061213, SSRT061239, SSRT071304 rev.1.
06/22/2007 - revised R-178 to add a link to Sun Alert ID:102969 for Solaris 10
Operating System.
06/25/2007 - revised R-178 to correct a typo in the url for the Sun Alert ID: 102969.
[***** Start Red Hat RHSA-2007:0057-3 *****]
Moderate: bind security update
Advisory: RHSA-2007:0057-3
Type: Security Advisory
Severity: Moderate
Issued on: 2007-03-14
Last updated on: 2007-03-14
Affected Products: RHEL Desktop Workstation (v. 5 client)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
OVAL: com.redhat.rhsa-20070057.xml
CVEs (cve.mitre.org): CVE-2007-0493
CVE-2007-0494
Details
Updated bind packages that fix a security issue and a bug are now available
for Red Hat Enterprise Linux 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
ISC BIND (Berkeley Internet Name Domain) is an implementation of the DNS
(Domain Name System) protocols.
A flaw was found in the way BIND processed certain DNS query responses. On
servers that had enabled DNSSEC validation, this could allow a remote
attacker to cause a denial of service. (CVE-2007-0494)
A use-after-free flaw was found in BIND. On servers that have recursion
enabled, this could allow a remote attacker to cause a denial of service.
(CVE-2007-0493)
Users of BIND are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.
Solution
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188
Updated packages
RHEL Desktop Workstation (v. 5 client)
--------------------------------------------------------------------------------
IA-32:
bind-chroot-9.3.3-8.el5.i386.rpm 3a8443e9f2da36135da2a8c002e9a571
bind-devel-9.3.3-8.el5.i386.rpm 2560fb157737b50781f0000b24fed60c
bind-libbind-devel-9.3.3-8.el5.i386.rpm 7103ae91f3663539a16a2a38152aa92a
caching-nameserver-9.3.3-8.el5.i386.rpm ed3a96d19f0668ded01e63d6b422e3d2
x86_64:
bind-chroot-9.3.3-8.el5.x86_64.rpm 1600c5327978f14cff4e3d6c723cd56e
bind-devel-9.3.3-8.el5.i386.rpm 2560fb157737b50781f0000b24fed60c
bind-devel-9.3.3-8.el5.x86_64.rpm 614c450db2303add7d716f9598ee4b9b
bind-libbind-devel-9.3.3-8.el5.i386.rpm 7103ae91f3663539a16a2a38152aa92a
bind-libbind-devel-9.3.3-8.el5.x86_64.rpm 07eb939ce9b72a601a11edd744234499
caching-nameserver-9.3.3-8.el5.x86_64.rpm 13fcf98bf097c8f5066941527658422b
Red Hat Enterprise Linux (v. 5 server)
--------------------------------------------------------------------------------
SRPMS:
bind-9.3.3-8.el5.src.rpm 061e9150a2729ef73db3f42224f9ec4a
IA-32:
bind-9.3.3-8.el5.i386.rpm d1b235753f0a30bf50c686b8889bdabb
bind-chroot-9.3.3-8.el5.i386.rpm 3a8443e9f2da36135da2a8c002e9a571
bind-devel-9.3.3-8.el5.i386.rpm 2560fb157737b50781f0000b24fed60c
bind-libbind-devel-9.3.3-8.el5.i386.rpm 7103ae91f3663539a16a2a38152aa92a
bind-libs-9.3.3-8.el5.i386.rpm 0c9077d8950b18efe21714dded6c94c0
bind-sdb-9.3.3-8.el5.i386.rpm 5b6f33360d14530cedaabfeb018772af
bind-utils-9.3.3-8.el5.i386.rpm 9b7d14e4e7247d26b4ab1c670c295f8c
caching-nameserver-9.3.3-8.el5.i386.rpm ed3a96d19f0668ded01e63d6b422e3d2
IA-64:
bind-9.3.3-8.el5.ia64.rpm 08f4fd9cbb47d965af28da56ccd26eca
bind-chroot-9.3.3-8.el5.ia64.rpm 7411dc9f8cd53f8856d4b9c2fdf067ca
bind-devel-9.3.3-8.el5.ia64.rpm 1d16d639b459fe2b2a9dbb306407cdea
bind-libbind-devel-9.3.3-8.el5.ia64.rpm 881a976fd60622c832e5b765e3a8729a
bind-libs-9.3.3-8.el5.i386.rpm 0c9077d8950b18efe21714dded6c94c0
bind-libs-9.3.3-8.el5.ia64.rpm fda8d77c60383c569e4eb17f6b066c58
bind-sdb-9.3.3-8.el5.ia64.rpm b9c03a97fc999979339c7d5c4f1ca697
bind-utils-9.3.3-8.el5.ia64.rpm cdbd214f638e98281402a5691883896f
caching-nameserver-9.3.3-8.el5.ia64.rpm 85f4480c97389bdb422e2e5431830dd3
PPC:
bind-9.3.3-8.el5.ppc.rpm 97eb06f5f63d9b1dd8d8ef041a877632
bind-chroot-9.3.3-8.el5.ppc.rpm a865dd4b52d40727d7ced7146942d088
bind-devel-9.3.3-8.el5.ppc.rpm 807d87da920d8767cd7be81ec9b23321
bind-devel-9.3.3-8.el5.ppc64.rpm e2e769b4315e07e7195806a9c005cffe
bind-libbind-devel-9.3.3-8.el5.ppc.rpm 4ecaa16632585f2216d63021586e48a7
bind-libbind-devel-9.3.3-8.el5.ppc64.rpm 4e678e537581aa6b6a74d364d74f69d4
bind-libs-9.3.3-8.el5.ppc.rpm dec1559e9bb45aa632847eb6ddc934a9
bind-libs-9.3.3-8.el5.ppc64.rpm 6b22f1a2277a9667bb20ab80cdb8483f
bind-sdb-9.3.3-8.el5.ppc.rpm 55d0288209e14a9bede395a24d0e93ac
bind-utils-9.3.3-8.el5.ppc.rpm b13aae75cb909caaf8a8a23ded7e8041
caching-nameserver-9.3.3-8.el5.ppc.rpm f0b76f1c2623f5fc385d4f12ef466550
s390x:
bind-9.3.3-8.el5.s390x.rpm c26913a7906a9c810ab21adfbf0f811f
bind-chroot-9.3.3-8.el5.s390x.rpm db3adf531b274576542b2a974d467742
bind-devel-9.3.3-8.el5.s390.rpm 74fb9b7fdbe7ed9642e326f39b9e64ba
bind-devel-9.3.3-8.el5.s390x.rpm ffa2fd4199b49d1ad2860d775cc8981c
bind-libbind-devel-9.3.3-8.el5.s390.rpm a023669dd68fca0a1f328eaf0edb5688
bind-libbind-devel-9.3.3-8.el5.s390x.rpm cd44c6c7d65036db055bdb184e98ecb7
bind-libs-9.3.3-8.el5.s390.rpm 14ab6cea9014c1b219360ea63b878012
bind-libs-9.3.3-8.el5.s390x.rpm 1c4675bdd52331f7f89b0b3a92cb3ce2
bind-sdb-9.3.3-8.el5.s390x.rpm f434705fdaa4918f9957391518a30f02
bind-utils-9.3.3-8.el5.s390x.rpm db6d7c3622e1306bc816352ca06ddbc2
caching-nameserver-9.3.3-8.el5.s390x.rpm 52aa7545a263150a525a44f0389d2205
x86_64:
bind-9.3.3-8.el5.x86_64.rpm 4d22697b70add12f9c124cc8cf286859
bind-chroot-9.3.3-8.el5.x86_64.rpm 1600c5327978f14cff4e3d6c723cd56e
bind-devel-9.3.3-8.el5.i386.rpm 2560fb157737b50781f0000b24fed60c
bind-devel-9.3.3-8.el5.x86_64.rpm 614c450db2303add7d716f9598ee4b9b
bind-libbind-devel-9.3.3-8.el5.i386.rpm 7103ae91f3663539a16a2a38152aa92a
bind-libbind-devel-9.3.3-8.el5.x86_64.rpm 07eb939ce9b72a601a11edd744234499
bind-libs-9.3.3-8.el5.i386.rpm 0c9077d8950b18efe21714dded6c94c0
bind-libs-9.3.3-8.el5.x86_64.rpm dafc0a981792ee6504a665a0cd529d01
bind-sdb-9.3.3-8.el5.x86_64.rpm c05f0ec51d2439f4dd8f27b21bdbfe4f
bind-utils-9.3.3-8.el5.x86_64.rpm 7251b73070a92dc90be41b0372000f61
caching-nameserver-9.3.3-8.el5.x86_64.rpm 13fcf98bf097c8f5066941527658422b
Red Hat Enterprise Linux Desktop (v. 5 client)
--------------------------------------------------------------------------------
SRPMS:
bind-9.3.3-8.el5.src.rpm 061e9150a2729ef73db3f42224f9ec4a
IA-32:
bind-9.3.3-8.el5.i386.rpm d1b235753f0a30bf50c686b8889bdabb
bind-libs-9.3.3-8.el5.i386.rpm 0c9077d8950b18efe21714dded6c94c0
bind-sdb-9.3.3-8.el5.i386.rpm 5b6f33360d14530cedaabfeb018772af
bind-utils-9.3.3-8.el5.i386.rpm 9b7d14e4e7247d26b4ab1c670c295f8c
x86_64:
bind-9.3.3-8.el5.x86_64.rpm 4d22697b70add12f9c124cc8cf286859
bind-libs-9.3.3-8.el5.i386.rpm 0c9077d8950b18efe21714dded6c94c0
bind-libs-9.3.3-8.el5.x86_64.rpm dafc0a981792ee6504a665a0cd529d01
bind-sdb-9.3.3-8.el5.x86_64.rpm c05f0ec51d2439f4dd8f27b21bdbfe4f
bind-utils-9.3.3-8.el5.x86_64.rpm 7251b73070a92dc90be41b0372000f61
(The unlinked packages above are only available from the Red Hat Network)
Bugs fixed (see bugzilla for more information)
224445 - CVE-2007-0493 BIND might crash after attempting to read free()-ed memory
225229 - CVE-2007-0494 BIND dnssec denial of service
References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0493
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0494
http://marc.theaimsgroup.com/?l=bind-announce&m=116968519300764
http://www.redhat.com/security/updates/classification/#moderate
Keywords
bind, dnssec, named
--------------------------------------------------------------------------------
These packages are GPG signed by Red Hat for security. Our key and details on
how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package
The Red Hat security contact is secalert@redhat.com. More contact details at
http://www.redhat.com/security/team/contact/
[***** End Red Hat RHSA-2007:0057-3 *****]
_______________________________________________________________________________
CIAC wishes to acknowledge the contributions of Red Hat for the
information contained in this bulletin.
_______________________________________________________________________________
CIAC, the Computer Incident Advisory Capability, is the computer
security incident response team for the U.S. Department of Energy
(DOE) and the emergency backup response team for the National
Institutes of Health (NIH). CIAC is located at the Lawrence Livermore
National Laboratory in Livermore, California. CIAC is also a founding
member of FIRST, the Forum of Incident Response and Security Teams, a
global organization established to foster cooperation and coordination
among computer security teams worldwide.
CIAC services are available to DOE, DOE contractors, and the NIH. CIAC
can be contacted at:
Voice: +1 925-422-8193 (7x24)
FAX: +1 925-423-8002
STU-III: +1 925-423-2604
E-mail: ciac@ciac.org
Previous CIAC notices, anti-virus software, and other information are
available from the CIAC Computer Security Archive.
World Wide Web: http://www.ciac.org/
Anonymous FTP: ftp.ciac.org
PLEASE NOTE: Many users outside of the DOE, ESnet, and NIH computing
communities receive CIAC bulletins. If you are not part of these
communities, please contact your agency's response team to report
incidents. Your agency's team will coordinate with CIAC. The Forum of
Incident Response and Security Teams (FIRST) is a world-wide
organization. A list of FIRST member organizations and their
constituencies can be obtained via WWW at http://www.first.org/.
This document was prepared as an account of work sponsored by an
agency of the United States Government. Neither the United States
Government nor the University of California nor any of their
employees, makes any warranty, express or implied, or assumes any
legal liability or responsibility for the accuracy, completeness, or
usefulness of any information, apparatus, product, or process
disclosed, or represents that its use would not infringe privately
owned rights. Reference herein to any specific commercial products,
process, or service by trade name, trademark, manufacturer, or
otherwise, does not necessarily constitute or imply its endorsement,
recommendation or favoring by the United States Government or the
University of California. The views and opinions of authors expressed
herein do not necessarily state or reflect those of the United States
Government or the University of California, and shall not be used for
advertising or product endorsement purposes.
LAST 10 CIAC BULLETINS ISSUED (Previous bulletins available from CIAC)
R-168: Vulnerability in Citrix Presentation Server Client for Windows
R-169: EMC NetWorker Management Console Vulnerability
R-170: Symantec Mail Security for SMTP Vulnerability
R-171: Apple QuickTime 7.1.5
R-172: GnuPG Security Update
R-173: NetMail 3.5.2E Update
R-174: HP-UX Java (JRE and JDK) Vulnerability
R-175: Security Vulnerability in the ipmitool(1m) Interface to Sun Fire
R-176: Apple Security Update 2007-003
R-177: Linux Kernel Vulnerable to DoS via ipv6_getsockopt_sticky() Function