
Thursday, January 15, 2009

SecurityOrb.com - Vulnerability Advisory

Buffer Overflows in DNS Resolver Library

Affected System(s)

System

Operating System



Solaris 8 **




Description:

Multiple buffer overflows exist in the BIND DNS resolver library (libbind) that allow an attacker to execute arbitrary code on vulnerable systems.


Recommendation:

To correct the vulnerability, upgrade to the most recent release of BIND. The Internet Software Consortium (ISC) currently maintains three branches of the BIND package: 4.x, 8.x and 9.x. You may download the most recent release of each branch of BIND in source code form from ftp://ftp.isc.org. In addition, you may obtain further information on BIND at http://www.isc.org/products/BIND/. BIND 4.x is deprecated and will not be updated further by the ISC. BIND 8.x is still supported and will be for some time due to its wide distribution. The latest BIND 8 series information is located at http://www.isc.org/products/BIND/bind8.html. The BIND 9.x distribution, which was a major rewrite of the BIND architecture, is the suggested upgrade path for current 4.x or 8.x servers.


To build the BIND packages:

$ tar -xvzf bind-x.x.x.tar.gz
$ cd bind-x.x.x
$ ./configure
$ make
$ su
# make install

If the version of BIND you are replacing was included with the UNIX distribution and not installed separately, you may need to change the install directories using the --prefix option when running configure.

BIND should normally be run in a chroot, meaning that the running daemon cannot access files outside of its predetermined directory tree. This helps minimize the damage from an exploited service by restricting its access to the file system once compromised. The following guides give examples of setting up chrooted BIND environments.

Chroot-BIND HOWTO (covers BIND 9)

http://www.tldp.org/HOWTO/Chroot-BIND-HOWTO.html

Chroot-BIND8 HOWTO:

http://www.tldp.org/HOWTO/Chroot-BIND8-HOWTO.html


To determine which version of BIND you are using, you can run the following command at your console:

# named -v

named 8.2.2-P5 Tue Mar 5 17:19:57 PDT 2002

host@ns1.yourdomain.com:/usr/sbin/named


Observation:

The DNS resolver libraries contain remotely exploitable buffer overflow vulnerabilities in the code used to handle DNS responses.

For more information:

http://www.cert.org/advisories/CA-2002-19.html

Common Vulnerabilities & Exposures (CVE) Link:

CVE-2002-0684

IAVA Reference Number

2003-B-0001


Monday, December 8, 2008

Vulnerability Report

Vulnerability: aspportal
Published: 2008-11-28
Severity: High
Description: SQL injection vulnerability in content/forums/reply.asp in ASPPortal allows remote attackers to execute arbitrary SQL commands via the Topic_Id parameter.
Recommendation: NA

Wednesday, November 19, 2008

Apache HTTP Server mod_rewrite Vulnerability


Description
A vulnerability exists in Apache that may allow for code execution or a denial of service.

Observation
Apache is a popular, open source web server application. A vulnerability is present in Apache that may allow remote code execution or a denial of service attack. The flaws reside in the mod_rewrite module and arise where 1) a portion of a rewritten URL can be controlled and 2) no flag control such as Forbidden, Gone or NoEscape is in place. The default installation of Apache is not vulnerable, as it does not include use of this rewrite module.
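
A configuration check for the two conditions in the observation above, as an added example (not part of the advisory and not Apache's own tooling): it lists RewriteRule lines whose substitution contains request-derived text and that carry none of the Forbidden, Gone or NoEscape flags. The sample configuration is constructed, and treating any backreference or server variable as the controllable portion of the rewritten URL is an assumption of this example.

```python
import re
import shlex

# Flags the advisory names; a rule carrying any of them is not reported.
GUARD_FLAGS = {"F", "FORBIDDEN", "G", "GONE", "NE", "NOESCAPE"}
# Assumption of this example: $N / %N backreferences and %{VAR} expansions
# mark the request-controlled portion of the rewritten URL.
REQUEST_DERIVED = re.compile(r"[$%]\d|%\{")

# Constructed sample configuration, not taken from a real server.
SAMPLE_CONF = """\
RewriteEngine On
RewriteRule ^/old/(.*)$ /new/$1 [L]
RewriteRule ^/go/(.*)$ $1 [R,NE]
RewriteRule ^/fetch/(.*)$ "$1"
RewriteRule ^/private/ - [F]
# RewriteRule ^/x/(.*)$ $1
RewriteRule ^/static/ /assets/ [L]
    RewriteRule ^/m/(.*)$ /mobile/$1 [R=302,NoEscape]
"""

def parse_flags(token):
    """Return upper-cased flag names from a '[A,B=val]' token."""
    inner = token.strip("[]")
    return {f.split("=", 1)[0].strip().upper() for f in inner.split(",") if f.strip()}

def audit(conf_text):
    """Return (line_no, substitution, flags) for rules that need review."""
    findings = []
    for line_no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            parts = shlex.split(line)  # honours quoted arguments
        except ValueError:
            continue  # unbalanced quotes: not a well-formed directive
        if len(parts) < 3 or parts[0].lower() != "rewriterule":
            continue
        substitution = parts[2]
        flags = parse_flags(parts[3]) if len(parts) > 3 else set()
        if REQUEST_DERIVED.search(substitution) and not flags & GUARD_FLAGS:
            findings.append((line_no, substitution, sorted(flags)))
    return findings

if __name__ == "__main__":
    for line_no, substitution, flags in audit(SAMPLE_CONF):
        print(f"line {line_no}: substitution {substitution!r} flags {flags}")
```

A finding is a prompt to review the rule and confirm the server is patched, not proof that the rule is exploitable.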

Recommendation
The vendor has made updates available for remediation here: http://httpd.apache.org/

Sun Microsystems has released patches for affected Solaris 8, 9, and 10 systems. Please refer to the vendor's advisories for more information:

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102662-1

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102663-1

CVE
CVE-2006-3747

SANS/FBI top 20
No

IAVA
No