[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] SCOSA-2006.1 OpenServer 5.0.6 OpenServer 5.0.7 OpenServer 6.0.0 : BIND Denial of Service Vulnerability

To: security-announce@xxxxxxxxxxxx
Subject: [Full-disclosure] SCOSA-2006.1 OpenServer 5.0.6 OpenServer 5.0.7 OpenServer 6.0.0 : BIND Denial of Service Vulnerability
From: security@xxxxxxx
Date: Tue, 3 Jan 2006 12:08:04 -0500 (EST)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________

                        SCO Security Advisory

Subject:                OpenServer 5.0.6 OpenServer 5.0.7 OpenServer 6.0.0 : 
BIND Denial of Service Vulnerability
Advisory number:        SCOSA-2006.1
Issue date:             2006 January 03
Cross reference:        sr892955 fz531004 erg712788
                        CVE-2005-0033 VU#327633
______________________________________________________________________________


1. Problem Description

        BIND (the Berkeley Internet Name Daemon) is the Domain Name
        Service for Unix systems. BIND version 8.4.4 is vulnerable to a
        remote denial of service attack, caused by a buffer overflow in
        the in q_usedns array.

        The Common Vulnerabilities and Exposures project (cve.mitre.org)
        has assigned the name CVE-2005-0033 to this issue.


2. Vulnerable Supported Versions

        System                          Binaries
        ----------------------------------------------------------------------
        OpenServer 5.0.6                bind distribution
        OpenServer 5.0.7                bind distribution
        OpenServer 6.0.0                bind distribution


3. Solution

        The proper solution is to install the latest packages.


4. OpenServer 5.0.6

        4.1 Location of Fixed Binaries

        ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.1


    4.2 Verification

        MD5 (p531004.507_vol.tar) = 708a75f3307ffbeaf9b8d9aba3cef7df

        md5 is available for download from
                ftp://ftp.sco.com/pub/security/tools


    4.3 Installing Fixed Binaries

        The following package should be installed on your system before
        you install this fix:

                OSS646C

        Upgrade the affected binaries with the following sequence:

        1) Download p531004.507_vol.tar file to a directory.

        2) Extract VOL* files.

           # tar xvf p531004.507_vol.tar

        3) Run the custom command, specify an install from media images,
           and specify the directory as the location of the images.


5. OpenServer 5.0.7

        5.1 Location of Fixed Binaries

        ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.1


    5.2 Verification

        MD5 (p531004.507_vol.tar) = 708a75f3307ffbeaf9b8d9aba3cef7df

        md5 is available for download from
                ftp://ftp.sco.com/pub/security/tools


    5.3 Installing Fixed Binaries

        Upgrade the affected binaries with the following sequence:

        1) Download p531004.507_vol.tar file to a directory.

        2) Extract VOL* files.

           # tar xvf p531004.507_vol.tar

        3) Run the custom command, specify an install from media images,
           and specify the directory as the location of the images.


6. OpenServer 6.0.0

        6.1 Location of Fixed Binaries

        ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.1


    6.2 Verification

        MD5 (p531004.600_vol.tar) = d15f8ccbceb67cce746c4a67189145d9

        md5 is available for download from
                ftp://ftp.sco.com/pub/security/tools


    6.3 Installing Fixed Binaries

        Upgrade the affected binaries with the following sequence:

        1) Download p531004.600_vol.tar file to a directory.

        2) Extract VOL* files.

           # tar xvf p531004.600_vol.tar

        3) Run the custom command, specify an install from media images,
           and specify the directory as the location of the images.


7. References

        Specific references for this advisory:
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0033
                http://www.kb.cert.org/vuls/id/VU#327633
                
http://www.uniras.gov.uk/niscc/docs/al-20050125-00059.html?lang=en
                http://xforce.iss.net/xforce/xfdb/19063

        SCO security resources:
                http://www.sco.com/support/security/index.html

        SCO security advisories via email
                http://www.sco.com/support/forums/security.html

        This security fix closes SCO incidents sr892955 fz531004
        erg712788.


8. Disclaimer

        SCO is not responsible for the misuse of any of the information
        we provide on this website and/or through our security
        advisories. Our advisories are a service to our customers
        intended to promote secure installation and use of SCO
        products.

______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (UnixWare)

iD8DBQFDuqIBaqoBO7ipriERAhwPAKCYDecYldK3rNJKh4nL8KDGZk5tqwCghVMD
w2RMr1fTzJJdPFd+X8w6D1k=
=ldc+
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: RE: [Full-disclosure] WMF round-up, updates and de-mystification
Next by Date: Re: [Full-disclosure] WMF round-up, updates and de-mystification
Previous by thread: Re: [security] [Full-disclosure] Social Eng. with Windows Media Player and Codec Download
Next by thread: [Full-disclosure] SCOSA-2006.2 OpenServer 5.0.7 OpenServer 6.0.0 : cpio Multiple Vulnerabilities
Index(es):
- Date
- Thread