-----BEGIN PGP SIGNED MESSAGE----- Subject: Caldera Security Advisory 97.03: DoS Vulnerability in BIND daemon Caldera Security Advisory SA-97.03 March 12th, 1997 Topic: DoS Vulnerability in BIND daemon I. Problem Description A denial of service (DoS) vulnerability exists within the DNS BIND ("named") daemon that can allow arbitrary individuals to interfere with the daemon's normal operation. II. Impact On systems such as Caldera OpenLinux 1.0, an unprivileged user can cause the BIND name server to use excessive CPU resources and potentially prevent new TCP connections to the name server. III. Solution Install the new RPM packages that contain the fixed version of the BIND daemon. They are located on Caldera's FTP server (ftp.caldera.com): /pub/openlinux/updates/1.0/current/RPMS/bind-4.9.5p1-2.i386.rpm /pub/openlinux/updates/1.0/current/RPMS/bind-devel-4.9.5p1-2.i386.rpm /pub/openlinux/updates/1.0/current/RPMS/bind-doc-4.9.5p1-2.i386.rpm /pub/openlinux/updates/1.0/current/RPMS/bind-utils-4.9.5p1-2.i386.rpm /pub/openlinux/updates/1.0/current/SRPMS/bind-4.9.5p1-2.src.rpm The MD5 checksums (from the "md5sum" command) for these packages are: 5c968da22aaf9f1302647d9e7d6b1ae4 RPMS/bind-4.9.5p1-2.i386.rpm b08d7e1ef873a2d0ccbe2f08c9c9f0a6 RPMS/bind-devel-4.9.5p1-2.i386.rpm 7f0918d3600f1f969e479ce68cc126f7 RPMS/bind-doc-4.9.5p1-2.i386.rpm 6e8cecaac39da3d9a63a8870209d226e RPMS/bind-utils-4.9.5p1-2.i386.rpm b4e51538c8adf7d1763d4de021afca2b SRPMS/bind-4.9.5p1-2.src.rpm Their PGP signatures can be verified with the "rpm -K" command. IV. References This and other Caldera security resources are located at: http://www.caldera.com/tech-ref/security/ Caldera and LST public PGP keys can be found at: ftp://ftp.caldera.com/pub/pgp-keys/ This advisory is based on information from the "bind-workers" and "Bugtraq" email lists. -----BEGIN PGP SIGNATURE----- Version: 2.6.3a Charset: noconv iQCVAwUBMycXd+n+9R4958LpAQG8rQQAjTK+KqjBEYL1Dc8HhrnvHsTqvO/Owdpd HVH17t1b5Wi1YoxTuPSZWSNQJzLb/j0icfEdjlNSHDwAi1bv376xRYlbfp0Q3as3 WI8xOs0d/sTbTTTGlhYQuFWKeVjKcQyH9qytSYYBZ8gJ5rDuXkFq7kv8itr8SJ3Z 2u2l+ooVmaQ= =TXVR -----END PGP SIGNATURE-----