__________________________________________________________

              The U.S. Department of Energy
          Computer Incident Advisory Capability
                  ___  __ __    _     ___
                 /       |     /_\   /
                 \___  __|__  /   \  \___
__________________________________________________________

                   INFORMATION BULLETIN

                   Bind Security Update
                [Red Hat RHSA-2007:0057-3]

March 15, 2007 19:00 GMT                                      Number R-178
[REVISED 22 June 2007]
[REVISED 25 June 2007]
______________________________________________________________________________
PROBLEM:       A flaw was found in the way BIND processed certain DNS query
               responses.
PLATFORM:      Red Hat Desktop Workstation (v. 5 client)
               Red Hat Enterprise Linux (v. 5 server)
               Red Hat Enterprise Linux Desktop (v. 5 client)
               HP Tru64 UNIX v 5.1B-4, v 5.1B-3 (SSL and BIND)
               HP Tru64 UNIX v 5.1A PK6, v 4.0G PK4, v 4.0F PK8 (BIND)
               Internet Express (IX) v 6.6 BIND (BIND)
               HP Insight Management Agents for Tru64 UNIX patch v 3.5.2
               and earlier (SSL)
               Solaris 10 Operating System
DAMAGE:        Could allow a remote attacker to cause a denial of service.
SOLUTION:      Upgrade to the appropriate version.
______________________________________________________________________________
VULNERABILITY  The risk is MEDIUM. Could allow a remote attacker to cause a
ASSESSMENT:    denial of service.
______________________________________________________________________________
LINKS:
 CIAC BULLETIN:      http://www.ciac.org/ciac/bulletins/r-178.shtml
 ORIGINAL BULLETIN:  https://rhn.redhat.com/errata/RHSA-2007-0057.html
 ADDITIONAL LINKS:   Visit Hewlett-Packard's Subscription Service for:
                     HPSBTU02207 SSRT061213, SSRT061239, SSRT071304 rev. 1
                     Sun Alert ID: 102969
                     http://www.sunsolve.sun.com/search/document.do?assetkey=1-26-102969-1
 CVE:                http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=
                     CVE-2007-0493 CVE-2007-0494
______________________________________________________________________________
REVISION HISTORY:
04/19/2007 - revised R-178 to add a link to Hewlett-Packard's Subscription
             Service for HPSBTU02207 SSRT061213, SSRT061239, SSRT071304 rev.1.
06/22/2007 - revised R-178 to add a link to Sun Alert ID:102969 for Solaris 10
             Operating System.
06/25/2007 - revised R-178 to correct a typo in the url for the Sun Alert
             ID: 102969.

[***** Start Red Hat RHSA-2007:0057-3 *****]

Moderate: bind security update

Advisory:              RHSA-2007:0057-3
Type:                  Security Advisory
Severity:              Moderate
Issued on:             2007-03-14
Last updated on:       2007-03-14
Affected Products:     RHEL Desktop Workstation (v. 5 client)
                       Red Hat Enterprise Linux (v. 5 server)
                       Red Hat Enterprise Linux Desktop (v. 5 client)
OVAL:                  com.redhat.rhsa-20070057.xml
CVEs (cve.mitre.org):  CVE-2007-0493
                       CVE-2007-0494

Details

Updated bind packages that fix a security issue and a bug are now available
for Red Hat Enterprise Linux 5.

This update has been rated as having moderate security impact by the Red Hat
Security Response Team.

ISC BIND (Berkeley Internet Name Domain) is an implementation of the DNS
(Domain Name System) protocols.

A flaw was found in the way BIND processed certain DNS query responses. On
servers that had enabled DNSSEC validation, this could allow a remote attacker
to cause a denial of service. (CVE-2007-0494)

A use-after-free flaw was found in BIND. On servers that have recursion
enabled, this could allow a remote attacker to cause a denial of service.
(CVE-2007-0493)

Users of BIND are advised to upgrade to these updated packages, which contain
backported patches to correct these issues.

Solution

Before applying this update, make sure that all previously-released errata
relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red
Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

RHEL Desktop Workstation (v. 5 client)
--------------------------------------------------------------------------------
IA-32:
bind-chroot-9.3.3-8.el5.i386.rpm
bind-devel-9.3.3-8.el5.i386.rpm
bind-libbind-devel-9.3.3-8.el5.i386.rpm
caching-nameserver-9.3.3-8.el5.i386.rpm

x86_64:
bind-chroot-9.3.3-8.el5.x86_64.rpm
bind-devel-9.3.3-8.el5.i386.rpm
bind-devel-9.3.3-8.el5.x86_64.rpm
bind-libbind-devel-9.3.3-8.el5.i386.rpm
bind-libbind-devel-9.3.3-8.el5.x86_64.rpm
caching-nameserver-9.3.3-8.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server)
--------------------------------------------------------------------------------
SRPMS:
bind-9.3.3-8.el5.src.rpm

IA-32:
bind-9.3.3-8.el5.i386.rpm
bind-chroot-9.3.3-8.el5.i386.rpm
bind-devel-9.3.3-8.el5.i386.rpm
bind-libbind-devel-9.3.3-8.el5.i386.rpm
bind-libs-9.3.3-8.el5.i386.rpm
bind-sdb-9.3.3-8.el5.i386.rpm
bind-utils-9.3.3-8.el5.i386.rpm
caching-nameserver-9.3.3-8.el5.i386.rpm

IA-64:
bind-9.3.3-8.el5.ia64.rpm
bind-chroot-9.3.3-8.el5.ia64.rpm
bind-devel-9.3.3-8.el5.ia64.rpm
bind-libbind-devel-9.3.3-8.el5.ia64.rpm
bind-libs-9.3.3-8.el5.i386.rpm
bind-libs-9.3.3-8.el5.ia64.rpm
bind-sdb-9.3.3-8.el5.ia64.rpm
bind-utils-9.3.3-8.el5.ia64.rpm
caching-nameserver-9.3.3-8.el5.ia64.rpm

PPC:
bind-9.3.3-8.el5.ppc.rpm
bind-chroot-9.3.3-8.el5.ppc.rpm
bind-devel-9.3.3-8.el5.ppc.rpm
bind-devel-9.3.3-8.el5.ppc64.rpm
bind-libbind-devel-9.3.3-8.el5.ppc.rpm
bind-libbind-devel-9.3.3-8.el5.ppc64.rpm
bind-libs-9.3.3-8.el5.ppc.rpm
bind-libs-9.3.3-8.el5.ppc64.rpm
bind-sdb-9.3.3-8.el5.ppc.rpm
bind-utils-9.3.3-8.el5.ppc.rpm
caching-nameserver-9.3.3-8.el5.ppc.rpm

s390x:
bind-9.3.3-8.el5.s390x.rpm
bind-chroot-9.3.3-8.el5.s390x.rpm
bind-devel-9.3.3-8.el5.s390.rpm
bind-devel-9.3.3-8.el5.s390x.rpm
bind-libbind-devel-9.3.3-8.el5.s390.rpm
bind-libbind-devel-9.3.3-8.el5.s390x.rpm
bind-libs-9.3.3-8.el5.s390.rpm
bind-libs-9.3.3-8.el5.s390x.rpm
bind-sdb-9.3.3-8.el5.s390x.rpm
bind-utils-9.3.3-8.el5.s390x.rpm
caching-nameserver-9.3.3-8.el5.s390x.rpm

x86_64:
bind-9.3.3-8.el5.x86_64.rpm
bind-chroot-9.3.3-8.el5.x86_64.rpm
bind-devel-9.3.3-8.el5.i386.rpm
bind-devel-9.3.3-8.el5.x86_64.rpm
bind-libbind-devel-9.3.3-8.el5.i386.rpm
bind-libbind-devel-9.3.3-8.el5.x86_64.rpm
bind-libs-9.3.3-8.el5.i386.rpm
bind-libs-9.3.3-8.el5.x86_64.rpm
bind-sdb-9.3.3-8.el5.x86_64.rpm
bind-utils-9.3.3-8.el5.x86_64.rpm
caching-nameserver-9.3.3-8.el5.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client)
--------------------------------------------------------------------------------
SRPMS:
bind-9.3.3-8.el5.src.rpm

IA-32:
bind-9.3.3-8.el5.i386.rpm
bind-libs-9.3.3-8.el5.i386.rpm
bind-sdb-9.3.3-8.el5.i386.rpm
bind-utils-9.3.3-8.el5.i386.rpm

x86_64:
bind-9.3.3-8.el5.x86_64.rpm
bind-libs-9.3.3-8.el5.i386.rpm
bind-libs-9.3.3-8.el5.x86_64.rpm
bind-sdb-9.3.3-8.el5.x86_64.rpm
bind-utils-9.3.3-8.el5.x86_64.rpm

(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

224445 - CVE-2007-0493 BIND might crash after attempting to read free()-ed memory
225229 - CVE-2007-0494 BIND dnssec denial of service

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0493
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0494
http://marc.theaimsgroup.com/?l=bind-announce&m=116968519300764
http://www.redhat.com/security/updates/classification/#moderate

Keywords

bind, dnssec, named

--------------------------------------------------------------------------------

These packages are GPG signed by Red Hat for security.
Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at
http://www.redhat.com/security/team/contact/

[***** End Red Hat RHSA-2007:0057-3 *****]
_______________________________________________________________________________

CIAC wishes to acknowledge the contributions of Red Hat for the information
contained in this bulletin.
_______________________________________________________________________________

CIAC, the Computer Incident Advisory Capability, is the computer security
incident response team for the U.S. Department of Energy (DOE) and the
emergency backup response team for the National Institutes of Health (NIH).
CIAC is located at the Lawrence Livermore National Laboratory in Livermore,
California. CIAC is also a founding member of FIRST, the Forum of Incident
Response and Security Teams, a global organization established to foster
cooperation and coordination among computer security teams worldwide.

CIAC services are available to DOE, DOE contractors, and the NIH. CIAC can be
contacted at:

    Voice:    +1 925-422-8193 (7x24)
    FAX:      +1 925-423-8002
    STU-III:  +1 925-423-2604
    E-mail:   ciac@ciac.org

Previous CIAC notices, anti-virus software, and other information are
available from the CIAC Computer Security Archive.

    World Wide Web:  http://www.ciac.org/
    Anonymous FTP:   ftp.ciac.org

PLEASE NOTE: Many users outside of the DOE, ESnet, and NIH computing
communities receive CIAC bulletins. If you are not part of these communities,
please contact your agency's response team to report incidents. Your agency's
team will coordinate with CIAC. The Forum of Incident Response and Security
Teams (FIRST) is a world-wide organization. A list of FIRST member
organizations and their constituencies can be obtained via WWW at
http://www.first.org/.

This document was prepared as an account of work sponsored by an agency of the
United States Government. Neither the United States Government nor the
University of California nor any of their employees, makes any warranty,
express or implied, or assumes any legal liability or responsibility for the
accuracy, completeness, or usefulness of any information, apparatus, product,
or process disclosed, or represents that its use would not infringe privately
owned rights. Reference herein to any specific commercial products, process,
or service by trade name, trademark, manufacturer, or otherwise, does not
necessarily constitute or imply its endorsement, recommendation or favoring by
the United States Government or the University of California. The views and
opinions of authors expressed herein do not necessarily state or reflect those
of the United States Government or the University of California, and shall not
be used for advertising or product endorsement purposes.

LAST 10 CIAC BULLETINS ISSUED (Previous bulletins available from CIAC)

R-168: Vulnerability in Citrix Presentation Server Client for Windows
R-169: EMC NetWorker Management Console Vulnerability
R-170: Symantec Mail Security for SMTP Vulnerability
R-171: Apple QuickTime 7.1.5
R-172: GnuPG Security Update
R-173: NetMail 3.5.2E Update
R-174: HP-UX Java (JRE and JDK) Vulnerability
R-175: Security Vulnerability in the ipmitool(1m) Interface to Sun Fire
R-176: Apple Security Update 2007-003
R-177: Linux Kernel Vulnerable to DoS via ipv6_getsockopt_sticky() Function
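
To check a Red Hat Enterprise Linux 5 host against the fixed build named in the Red Hat advisory above (9.3.3-8.el5), the following added example compares installed package versions using a simplified form of RPM's version ordering. It is not part of the CIAC or Red Hat text; the function names are illustrative, the sample `rpm` output is constructed, and the package epoch is assumed equal on both sides.

```python
import re

# Fixed version and release, taken from the advisory's "Updated packages" list.
FIXED = ("9.3.3", "8.el5")

# Binary package names that appear in the advisory's package list.
ADVISORY_PKGS = {"bind", "bind-chroot", "bind-devel", "bind-libbind-devel",
                 "bind-libs", "bind-sdb", "bind-utils", "caching-nameserver"}

def rpmvercmp(a, b):
    """Compare two version or release strings segment by segment, RPM style.
    Simplified: no tilde/caret handling. Returns -1, 0 or 1."""
    sa = re.findall(r"\d+|[A-Za-z]+", a)
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # numeric compare, so 10 > 8
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment is newer
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with more segments is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def needs_update(version, release):
    """True if version-release sorts before the fixed build (epoch ignored)."""
    c = rpmvercmp(version, FIXED[0])
    if c == 0:
        c = rpmvercmp(release, FIXED[1])
    return c < 0

def audit(rpm_output):
    """Return sorted names of advisory packages older than the fixed build."""
    stale = set()
    for line in rpm_output.splitlines():
        parts = line.split()
        if (len(parts) == 3 and parts[0] in ADVISORY_PKGS
                and needs_update(parts[1], parts[2])):
            stale.add(parts[0])
    return sorted(stale)

# Constructed sample of: rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE}\n'
SAMPLE = """\
bind 9.3.3 7.el5
bind-libs 9.3.3 8.el5
bind-utils 9.3.3 10.el5
caching-nameserver 9.3.3 7.el5
openssl 0.9.8b 8.3.el5
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A package the audit reports as stale still needs the update applied through Red Hat Network as the Solution section describes; the comparison only identifies which of the advisory's packages are behind the fixed build.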