pfilippone
MIS
I have a server running SCO OpenServer 5.0.6.
Someone alerted me about a network vulnerability, and suggested an upgrade to BIND. (See details below if interested.)
How can I check if the server is running BIND?
ps -ef | grep BIND ????
=========================================================
DETAILS of VULNERABILITY
ISC BIND QINV Buffer Overflow (CVE-1999-0009)
Description
A buffer overflow condition exists within certain versions of BIND which allows an attacker to gain remote root compromise on affected servers.
Observation
A vulnerability exists in multiple versions of the ISC BIND server which can lead to remote root compromise. BIND does not properly bound the data received when processing an inverse query, thus allowing parts of memory to be overwritten and allowing an attacker to execute code on the server. Versions include: 4.9 releases prior to 4.9.7 and 8.0 releases prior to 8.1.2.
Vulnerable Systems:
BIND Version 4.9.6 - 8.1.1
For more information see:
BID 0134:
Impact
Recommendation
To correct the vulnerability, upgrade to the most recent release of BIND. The Internet Software Consortium (ISC) currently maintains three branches of the BIND package: 4.x, 8.x and 9.x. You may download the most recent release of each branch of BIND in source code form from ftp://ftp.isc.org. In addition, you may obtain further information on BIND at BIND 4.x is deprecated and will not be updated further by the ISC. BIND 8.x is still supported and will be for some time due to its wide distribution. The latest BIND 8 series information is located at The BIND 9.x distribution, which was a major rewrite of the BIND architecture, is the suggested upgrade path for current 4.x or 8.x servers.
To build the BIND packages:
$ tar -xvzf bind-x.x.x.tar.gz
$ cd bind-x.x.x
$ ./configure
$ make
$ su
# make install
If the version of BIND you are replacing was included with the UNIX distribution and not installed separately, you may need to change the install directories using the --prefix option when running configure.
BIND should normally be run in a chroot, meaning that the running daemon cannot access files outside of its predetermined directory tree. This helps minimize the damage from an exploited service by restricting its access to the file system once compromised. The following guides give examples of setting up chrooted BIND environments.
Chroot-BIND HOWTO (covers BIND 8)
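An added example, not part of the original post: a POSIX sh sketch that looks for the BIND daemon (its process is called named, not BIND) and classifies a version string against the ranges quoted in the report above. The function names and sample strings are constructed for illustration, and obtaining the version string (for example from the daemon's startup log line, or from `dig @127.0.0.1 version.bind chaos txt` where dig is installed) is left to the operator.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# named_running: succeeds if a process named "named" (the BIND daemon) exists.
named_running() {
    # [n]amed stops grep from matching its own command line
    ps -ef | grep '[n]amed' >/dev/null 2>&1
}

# bind_qinv_status VERSION_STRING
# Prints one of:
#   affected    - inside the ranges quoted in the report
#                 (4.9 releases prior to 4.9.7, 8.0/8.1 releases prior to 8.1.2)
#   not-listed  - parsed, but outside those ranges
#   unknown     - no version number could be parsed
bind_qinv_status() {
    # Keep the first dotted number only: "named 8.1.1-REL" -> "8.1.1"
    ver=$(printf '%s\n' "$1" | sed -n 's/^[^0-9]*\([0-9][0-9.]*\).*/\1/p')
    if [ -z "$ver" ]; then
        echo unknown
        return 0
    fi
    # Split on dots into major, minor, patch (missing parts default to 0)
    oldifs=$IFS; IFS=.
    set -- $ver
    IFS=$oldifs
    major=${1:-0}; minor=${2:-0}; patch=${3:-0}

    status=not-listed
    case "$major.$minor" in
        4.9) if [ "$patch" -lt 7 ]; then status=affected; fi ;;
        8.0) status=affected ;;
        8.1) if [ "$patch" -lt 2 ]; then status=affected; fi ;;
    esac
    echo "$status"
}

# Stand-alone use: ./check_bind.sh "8.1.1-REL"
if [ $# -gt 0 ]; then
    if named_running; then
        echo "named process found"
    else
        echo "no named process found"
    fi
    bind_qinv_status "$1"
fi
```

A "not-listed" result only means the version falls outside the two ranges quoted in this report; it says nothing about other BIND advisories.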