
ISC BIND OPT Record Large UDP Denial of Service Vulnerability

Solution:
Sun has released a security update to address this issue in the RaQ XTR. Please see the references section for further details. A fix is linked below.

SCO has released a security advisory to address this issue in OpenServer (CSSA-2003-SCO.17.1). Further information relating to obtaining and applying fixes can be found in the referenced advisory.

HP has released a revised advisory (HPSBUX0208-209(rev.15)) to address this issue in affected HP-UX systems. Customers who are affected by this issue are advised to apply appropriate patches. Further information regarding obtaining and applying patches is available in the referenced advisory.

ISC has stated that new versions of BIND will be available in the near future. Users are advised to contact ISC for further details. ISC has released patches for some versions.

HP has released an updated advisory HPSBUX0208-209(rev.14) for HP-UX systems. Preliminary updates for HP-UX 11 and 11.11 are available. Further information on obtaining and applying fixes is available in the referenced HP advisory (HPSBUX0208-209).

FreeBSD has released an advisory. Users are advised to update systems to the 4.7-STABLE branch or to the appropriate RELENG_4_x branch dated after the correction date. A patch is also available. Further details on obtaining and applying fixes can be found in the referenced advisory.

EnGarde Secure Linux has released an advisory. Further information about obtaining and applying fixes can be found in the referenced advisory.

SuSE has released an advisory. Updated packages are available. Further information about obtaining and applying fixes can be found in the referenced advisory.

Mandrake has released an advisory (MDKSA-2002:077) containing fix information. Further information about obtaining and applying fixes can be found in the referenced advisory.

Debian has released an advisory (DSA 196-1) containing fix information. Further information about obtaining and applying fixes can be found in the referenced advisory.

Conectiva has released an advisory (CLA-2002:546) containing fix information. Further information about obtaining and applying fixes can be found in the referenced advisory.

OpenPKG has released an advisory containing upgrades for this and other vulnerabilities. OpenPKG 1.0 users are advised to upgrade to the bind-8.2.6-1.0.2 package or later. OpenPKG 1.1 users are advised to upgrade to the bind8-8.3.3-1.1.1 package or later. OpenPKG CURRENT users are advised to upgrade to the bind8-8.3.3-20021114 package or later. bind-9.2.1-1.1.0 packages are also available for OpenPKG 1.1/CURRENT. Further details on obtaining and applying fixes can be found in the attached reference.

This issue is present in Astaro Security Linux versions prior to Up2Date 3.212. Up2Date 3.211 is the minimum version required for users to install Up2Date 3.212.

Trustix Secure Linux has released an advisory. Further details about obtaining and applying fixes can be found in the referenced advisory.

NetBSD has released an advisory. Details about upgrading vulnerable packages through CVS can be found in the referenced advisory.

SCO has released an advisory and fixes for OpenLinux.

SCO has released a security advisory (CSSA-2003-SCO.2). Information on obtaining and applying fixes can be found in the referenced advisory.

Sun recommends disabling recursion if not needed. Patches are available.

Apple has patched this issue in MacOS X versions 10.2.3 and later. See the referenced web page for additional details.

Fixes are available:


OpenBSD OpenBSD 3.2

OpenBSD OpenBSD 3.0

Sun Cobalt RaQ XTR

Sun Solaris 9

OpenBSD OpenBSD 3.1

HP HP-UX 10.10

HP HP-UX 10.20

HP HP-UX 11.0 4

HP HP-UX 11.0

HP HP-UX 11.11

HP HP-UX 11.22

Compaq Tru64 4.0 f PK6 (BL17)

Compaq Tru64 4.0 g PK3 (BL17)

Compaq Tru64 4.0 g

Compaq Tru64 4.0 f

Compaq Tru64 4.0 f PK7 (BL18)

FreeBSD FreeBSD 4.4

FreeBSD FreeBSD 4.5

FreeBSD FreeBSD 4.6

FreeBSD FreeBSD 4.7

Compaq Tru64 5.0 a PK3 (BL17)

Compaq Tru64 5.0 a

Compaq Tru64 5.1 PK4 (BL18)

Compaq Tru64 5.1 b PK1 (BL1)

Compaq Tru64 5.1 a

Compaq Tru64 5.1

Compaq Tru64 5.1 PK5 (BL19)

Compaq Tru64 5.1 a PK1 (BL1)

Compaq Tru64 5.1 a PK2 (BL2)

Compaq Tru64 5.1 a PK3 (BL3)

Compaq Tru64 5.1 b

Compaq Tru64 5.1 PK3 (BL17)

ISC BIND 8.3.3







 

Copyright 2008, SecurityFocus