Risks
Advisories
Browse
or
or
Caldera Security Advisory - Open UNIX 8.0.0 : BIND 9 Denial-of-Service vulnerability
______________________________________________________________________________

		Caldera International, Inc.  Security Advisory

Subject:		Open UNIX 8.0.0 : BIND 9 Denial-of-Service vulnerability
Advisory number: 	CSSA-2002-SCO.24
Issue date: 		2002 June 10
Cross reference:
______________________________________________________________________________


1. Problem Description

	An assertion failure in BIND version 9 can be triggered by
	certain responses, leading to a denial of service attack.
	This security fix updates BIND to version 9.2.1.


2. Vulnerable Supported Versions

	System				Binaries
	----------------------------------------------------------------------
	Open UNIX 8.0.0 		/usr/sbin/dig
					/usr/sbin/dnssec-keygen
					/usr/sbin/dnssec-makekeyset
					/usr/sbin/dnssec-signkey
					/usr/sbin/dnssec-signzone
					/usr/sbin/host
					/usr/sbin/in.named
					/usr/sbin/named-checkconf
					/usr/sbin/named-checkzone
					/usr/sbin/ndc
					/usr/sbin/nslookup
					/usr/sbin/nsupdate
					/usr/sbin/rndc


3. Solution

	The proper solution is to install the latest packages.


4. Open UNIX 8.0.0

	4.1 Location of Fixed Binaries

	ftp://ftp.caldera.com/pub/updates/OpenUNIX/CSSA-2002-SCO.24


	4.2 Verification

	MD5 (erg712061.pkg.Z) = 14427a77db777d8d630ca906b27d7582

	md5 is available for download from
		ftp://ftp.caldera.com/pub/security/tools


	4.3 Installing Fixed Binaries

	Upgrade the affected binaries with the following commands:

	Download erg712061.pkg.Z to the /var/spool/pkg directory

	# uncompress /var/spool/pkg/erg712061.pkg.Z
	# pkgadd -d /var/spool/pkg/erg712061.pkg


5. References

	Specific references for this advisory:
		http://www.kb.cert.org/vuls/id/739123
		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0400

	Caldera security resources:
		http://www.caldera.com/support/security/index.html

	This security fix closes Caldera incidents sr865147, fz521091
	and erg712061.


6. Disclaimer

	Caldera International, Inc. is not responsible for the
	misuse of any of the information we provide on this website
	and/or through our security advisories. Our advisories are
	a service to our customers intended to promote secure
	installation and use of Caldera products.


7. Acknowledgements

	The Internet Software Consortium discovered and researched
	this vulnerability.

______________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (SCO_SV)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAj0FKMcACgkQaqoBO7ipriFQfwCaAxxlYE7AI1AxMs1TItcvgCMN
sUcAoKBT1IdsvakR8p4OchbfCoB6Agyc
=vu+s
-----END PGP SIGNATURE-----




Spotlight

Android Fake ID bug allows malware to impersonate trusted apps

Posted on 29 July 2014.  |  Bluebox Security researchers unearthed a critical Android vulnerability which can be used by malicious applications to impersonate specially recognized trusted apps - and get all the privileges they have - without the user being none the wiser.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Tue, Jul 29th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //