ISC BIND 8 Invalid Expiry Time Denial Of Service Vulnerability

Solution:
ISC has stated that new versions of BIND 4 and 8 will be available in the near future. Users are advised to contact ISC for further details. ISC has released patches for some versions.

Sun has released a security update to address this issue in the RaQ XTR. Please see the references section for further details. A fix is linked below.

SCO has released a security advisory to address this issue in OpenServer (CSSA-2003-SCO.17.1). Further information relating to obtaining and applying fixes can be found in the referenced advisory.

FreeBSD has released an advisory. Users are advised to update systems to the 4.7-STABLE branch or to the appropriate RELENG_4_x branch dated after the correction date. A patch is also available. Further details on obtaining and applying fixes can be found in the referenced advisory.

EnGarde Secure Linux has released an advisory. Further information about obtaining and applying fixes can be found in the referenced advisory.

SuSE has released an advisory. Updated packages are available. Further information about obtaining and applying fixes can be found in the referenced advisory.

Mandrake has released an advisory (MDKSA-2002:077) containing fix information. Further information about obtaining and applying fixes can be found in the referenced advisory.

Debian has released an advisory (DSA 196-1) containing fix information. Further information about obtaining and applying fixes can be found in the referenced advisory.

Conectiva has released an advisory (CLA-2002:546) containing fix information. Further information about obtaining and applying fixes can be found in the referenced advisory.

OpenPKG has released an advisory containing upgrades for this and other vulnerabilities. OpenPKG 1.0 users are advised to upgrade to the bind-8.2.6-1.0.2 package or later. OpenPKG 1.1 users are advised to upgrade to the bind8-8.3.3-1.1.1 package or later. OpenPKG CURRENT users are advised to upgrade to the bind8-8.3.3-20021114 package or later. bind-9.2.1-1.1.0 packages are also available for OpenPKG 1.1/CURRENT. Further details on obtaining and applying fixes can be found in the attached reference.

This issue is present in Astaro Security Linux versions prior to Up2Date 3.212. Up2Date 3.211 is the minimum version required for users to install Up2Date 3.212.

Trustix Secure Linux has released an advisory. Further details about obtaining and applying fixes can be found in the referenced advisory.

NetBSD has released an advisory. Details about upgrading vulnerable packages through CVS can be found in the referenced advisory.

SCO has released an advisory and fixes for OpenLinux.

SCO has released a security advisory (CSSA-2003-SCO.2). Information on obtaining and applying fixes can be found in the referenced advisory.

Sun recommends disabling recursion if not needed. Patches are available.

Fixes are available:


OpenBSD OpenBSD 3.2

Sun Solaris 8_sparc

OpenBSD OpenBSD 3.0

Sun Cobalt RaQ XTR

Sun Solaris 7.0

Sun Solaris 9

Sun Solaris 7.0_x86

OpenBSD OpenBSD 3.1

Sun Solaris 8_x86

Compaq Tru64 4.0 f PK6 (BL17)

Compaq Tru64 4.0 g PK3 (BL17)

Compaq Tru64 4.0 g

Compaq Tru64 4.0 f

Compaq Tru64 4.0 f PK7 (BL18)

FreeBSD FreeBSD 4.4

FreeBSD FreeBSD 4.5

FreeBSD FreeBSD 4.6

FreeBSD FreeBSD 4.7

Compaq Tru64 5.0 a PK3 (BL17)

Compaq Tru64 5.0 a

Compaq Tru64 5.1 PK4 (BL18)

Compaq Tru64 5.1 b PK1 (BL1)

Compaq Tru64 5.1 a

Compaq Tru64 5.1

Compaq Tru64 5.1 PK5 (BL19)

Compaq Tru64 5.1 a PK1 (BL1)

Compaq Tru64 5.1 a PK2 (BL2)

Compaq Tru64 5.1 a PK3 (BL3)

Compaq Tru64 5.1 b

Compaq Tru64 5.1 PK3 (BL17)

ISC BIND 8.2.3

ISC BIND 8.2.4

ISC BIND 8.2.6

ISC BIND 8.3.3


 

Copyright 2010, SecurityFocus