SA-1997.03.txt
fdb8dee4a0ff06cbaa4b529859e78219c239f2abaac0e0b89d442bb0059f5c4f
-----BEGIN PGP SIGNED MESSAGE-----
Subject: Caldera Security Advisory 97.03: DoS Vulnerability in BIND daemon
Caldera Security Advisory SA-97.03
March 12th, 1997
Topic: DoS Vulnerability in BIND daemon
I. Problem Description
A denial of service (DoS) vulnerability exists within the DNS BIND
("named") daemon that can allow arbitrary individuals to interfere with
the daemon's normal operation.
II. Impact
On systems such as Caldera OpenLinux 1.0, an unprivileged user can
cause the BIND name server to use excessive CPU resources and
potentially prevent new TCP connections to the name server.
III. Solution
Install the new RPM packages that contain the fixed version of
the BIND daemon. They are located on Caldera's FTP server
(ftp.caldera.com):
/pub/openlinux/updates/1.0/current/RPMS/bind-4.9.5p1-2.i386.rpm
/pub/openlinux/updates/1.0/current/RPMS/bind-devel-4.9.5p1-2.i386.rpm
/pub/openlinux/updates/1.0/current/RPMS/bind-doc-4.9.5p1-2.i386.rpm
/pub/openlinux/updates/1.0/current/RPMS/bind-utils-4.9.5p1-2.i386.rpm
/pub/openlinux/updates/1.0/current/SRPMS/bind-4.9.5p1-2.src.rpm
The MD5 checksums (from the "md5sum" command) for these packages are:
5c968da22aaf9f1302647d9e7d6b1ae4 RPMS/bind-4.9.5p1-2.i386.rpm
b08d7e1ef873a2d0ccbe2f08c9c9f0a6 RPMS/bind-devel-4.9.5p1-2.i386.rpm
7f0918d3600f1f969e479ce68cc126f7 RPMS/bind-doc-4.9.5p1-2.i386.rpm
6e8cecaac39da3d9a63a8870209d226e RPMS/bind-utils-4.9.5p1-2.i386.rpm
b4e51538c8adf7d1763d4de021afca2b SRPMS/bind-4.9.5p1-2.src.rpm
Their PGP signatures can be verified with the "rpm -K" command.
IV. References
This and other Caldera security resources are located at:
http://www.caldera.com/tech-ref/security/
Caldera and LST public PGP keys can be found at:
ftp://ftp.caldera.com/pub/pgp-keys/
This advisory is based on information from the "bind-workers" and
"Bugtraq" email lists.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a
Charset: noconv
iQCVAwUBMycXd+n+9R4958LpAQG8rQQAjTK+KqjBEYL1Dc8HhrnvHsTqvO/Owdpd
HVH17t1b5Wi1YoxTuPSZWSNQJzLb/j0icfEdjlNSHDwAi1bv376xRYlbfp0Q3as3
WI8xOs0d/sTbTTTGlhYQuFWKeVjKcQyH9qytSYYBZ8gJ5rDuXkFq7kv8itr8SJ3Z
2u2l+ooVmaQ=
=TXVR
-----END PGP SIGNATURE-----