[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Sun] UPDATE: Schwachstelle im BIND Server von Sun Solaris - 103063
-----BEGIN PGP SIGNED MESSAGE-----
Hash: MD5
Liebe Kolleginnen und Kollegen,
soeben erreichte uns das nachfolgende Bulletin des SUN Customer Warning
System. Wir geben diese Informationen unveraendert an Sie weiter.
Bitte beachten Sie, dass dies ein Update des Advisories ist, das die
folgenden Aenderungen betrifft:
Mit diesem Update ersetzt Sun die vorlaeufigen Patches fuer Solaris 8
und 9 (Sparc und x86) durch regulaere.
CVE-2007-2930 - Schwachstelle im ISC BIND Server in der Version 8.0
Der ISC BIND Server erzeugt IDs von DNS-Anfragen in einer
kryptographisch unsicheren Weise, so dass die ID der naechsten Anfrage
aus der Historie erraten werden kann. Die Ursache liegt in Fehlern
innerhalb der verwendeten Algorithmen zur Generierung der IDs. Betroffen
sind nur ausgehende Anfragen, wenn BIND als Resolver verwendet wird,
oder wenn die Ergebnisse der Anfragen fuer interne Zwecke verwendet
werden (beispielsweise in NOTIFY Nachrichten an Slave Nameserver). Ein
entfernter Angreifer kann diese Schwachstelle ausnutzen, um die
Ergebnisse von DNS-Anfragen zu faelschen (DNS cache poisoning). Die
Schwachstelle ist in den Auswirkungen aehnlich zur Schwachstelle
CVE-2007-2926, besitzt aber eine andere Ursache und betrifft nur ISC
BIND in der Version 8.
Betroffen sind die folgenden Software Pakete und Plattformen:
BIND 8
SPARC Plattform
* Solaris 8 ohne Patch 109326-20
* Solaris 9 ohne Patch 112837-14
x86 Plattform
* Solaris 8 ohne Patch 109327-20
* Solaris 9 ohne Patch 114265-13
Vom Hersteller werden ueberarbeitete Pakete zur Verfuegung gestellt.
Hersteller Advisory:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103063-1
(c) der deutschen Zusammenfassung bei DFN-CERT Services GmbH; die
Verbreitung, auch auszugsweise, ist nur unter Hinweis auf den Urheber,
DFN-CERT Services GmbH, und nur zu nicht kommerziellen Zwecken
gestattet.
Mit freundlichen Gruessen,
Andreas Bunten, DFN-CERT
- --
Andreas Bunten (CSIRT), +49 40 808077-555
DFN-CERT Services GmbH, https://www.dfn-cert.de, Phone +49 40 808077-555
Sitz / Register: Hamburg, AG Hamburg, HRB 88805, Ust-IdNr.: DE 232129737
Heidenkampsweg 41, 20097 Hamburg/Germany, CEO: Dr. Klaus-Peter Kossakowski
Sun(sm) Alert Notification
* Sun Alert ID: 103063
* Synopsis: Security Vulnerability in BIND 8 May Allow Cache Poisoning
Attack
* Category: Security
* Product: Solaris 9 Operating System, Solaris 8 Operating System
* BugIDs: 6596938
* Avoidance: Patch
* State: Resolved
* Date Released: 18-Sep-2007, 15-Oct-2007
* Date Closed: 15-Oct-2007
* Date Modified: 15-Oct-2007
1. Impact
A security vulnerability in BIND 8 may allow remote unprivileged users the
ability to cause named(1M) to return incorrect addresses for Internet hosts,
thereby redirecting end users to unintended hosts or services.
This issue is also referenced in the following documents:
CERT-US VU#927905 at http://www.kb.cert.org/vuls/id/927905
CVE-2007-2930 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2930
2. Contributing Factors
This issue can occur in the following releases:
SPARC Platform
* Solaris 8 without patch 109326-20
* Solaris 9 without patch 112837-14
x86 Platform
* Solaris 8 without patch 109327-20
* Solaris 9 without patch 114265-13
Note: Solaris 10 is not impacted by this issue.
Only systems with the BIND named(1M) service enabled are impacted by this
issue. To verify if BIND is running on a system, the following command can
be used:
$ ps -e | grep in.named && echo "BIND is running"
3. Symptoms
There are no reliable symptoms that would indicate the described issue has
occurred.
Solution Summary Top
4. Relief/Workaround
There is no workaround. Please see the Resolution section below.
5. Resolution
This issue is addressed in the following releases:
SPARC Platform
* Solaris 8 with patch 109326-20 or later
* Solaris 9 with patch 112837-14 or later
x86 Platform
* Solaris 8 with patch 109327-20 or later
* Solaris 9 with patch 114265-13 or later
Change History
15-Oct-2007:
* State: Resolved
* Updated Contributing Factors, Relief/Workaround, and Resolution sections
This Sun Alert notification is being provided to you on an "AS IS" basis.
This Sun Alert notification may contain information provided by third
parties. The issues described in this Sun Alert notification may or may not
impact your system(s). Sun makes no representations, warranties, or
guarantees as to the information contained herein. ANY AND ALL WARRANTIES,
EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT, ARE
HEREBY DISCLAIMED. BY ACCESSING THIS DOCUMENT YOU ACKNOWLEDGE THAT SUN SHALL
IN NO EVENT BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, PUNITIVE, OR
CONSEQUENTIAL DAMAGES THAT ARISE OUT OF YOUR USE OR FAILURE TO USE THE
INFORMATION CONTAINED HEREIN. This Sun Alert notification contains Sun
proprietary and confidential information. It is being provided to you
pursuant to the provisions of your agreement to purchase services from Sun,
or, if you do not have such an agreement, the Sun.com Terms of Use. This Sun
Alert notification may only be used for the purposes contemplated by these
agreements.
Copyright 2000-2006 Sun Microsystems, Inc., 4150 Network Circle, Santa
Clara, CA 95054 U.S.A. All rights reserved.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iQEVAwUBRxXYXxYd1iQZmhQQAQEl5wf+PZMGgkN/l9EAKYByiH80zmW/74RDXK3m
ldciW2jk7RIfyzfHvLaPySLHmrqeJQSJHBw8InteTV9Y8cIckBPf19LpJ7oMLE48
kFma0+zSLinD0Y782eqLzig4eryjO8/DWNCypjfLBOEtlznA3vxf41+51pQpo5F6
JArwEKT0jI1dgJi7+Ne2pIicNagqtbE5EJUY0iILhkRmplxbUQrgufgOokB3ztzd
p+ZKiXaligrsdEEaFvRj6b//Y8z+BbjmsEGEE8bkxrp00WIBaZ2PJxTNCkLZtydX
rjINMcQ9pDPUXGR2ctoBqnSFcATNQWTjxMGiaZ+sXvG59TVy46i0VQ==
=dwmA
-----END PGP SIGNATURE-----