CVE-2002-1219
CVSS 7.5
Published: 2002-11-29 00:00:00
Last revised: 2016-10-17 22:24:51

[Original] Buffer overflow in named in BIND 4 versions 4.9.10 and earlier, and 8 versions 8.3.3 and earlier, allows remote attackers to execute arbitrary code via a certain DNS server response containing SIG resource records (RR).


[CNNVD] ISC BIND SIG cached resource record remote buffer overflow vulnerability (CNNVD-200211-055)

        
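        BIND is a very widely used implementation of the DNS protocol. It is maintained by ISC (Internet Software Consortium), with the actual development done by Nominum (www.nominum.com).
        A buffer overflow vulnerability in BIND 4 and BIND 8 may allow remote compromise of a vulnerable DNS server. An attacker who controls any authoritative DNS server can make BIND cache DNS information in its internal database (if recursion is allowed). Recursion is allowed by default unless it is disabled by a command-line argument or in the BIND configuration file. The buffer overflow occurs when BIND builds a DNS response message containing SIG resource records (RR), allowing arbitrary code to be executed with the privileges of the DNS server.
        To carry out the attack, the attacker must control a valid authoritative DNS server, and the targeted BIND server must allow recursive queries.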
        

- CVSS (base score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (affected platforms and products)

cpe:/a:isc:bind:8.2  ISC BIND 8.2
cpe:/a:isc:bind:8.2.1  ISC BIND 8.2.1
cpe:/a:isc:bind:8.3.0  ISC BIND 8.3.0
cpe:/a:isc:bind:4.9.9  ISC BIND 4.9.9
cpe:/a:isc:bind:8.2.4  ISC BIND 8.2.4
cpe:/a:isc:bind:8.3.3  ISC BIND 8.3.3
cpe:/o:openbsd:openbsd:3.0  OpenBSD 3.0
cpe:/a:isc:bind:8.2.5  ISC BIND 8.2.5
cpe:/a:isc:bind:4.9.7  ISC BIND 4.9.7
cpe:/a:isc:bind:8.2.2  ISC BIND 8.2.2
cpe:/a:isc:bind:8.3.1  ISC BIND 8.3.1
cpe:/a:isc:bind:4.9.8  ISC BIND 4.9.8
cpe:/a:isc:bind:8.2.3  ISC BIND 8.2.3
cpe:/a:isc:bind:8.3.2  ISC BIND 8.3.2
cpe:/o:freebsd:freebsd:4.6  FreeBSD 4.6
cpe:/o:freebsd:freebsd:4.7  FreeBSD 4.7
cpe:/a:isc:bind:8.2.6  ISC BIND 8.2.6
cpe:/o:openbsd:openbsd:3.2  OpenBSD 3.2
cpe:/o:openbsd:openbsd:3.1  OpenBSD 3.1
cpe:/a:isc:bind:4.9.5  ISC BIND 4.9.5
cpe:/a:isc:bind:4.9.6  ISC BIND 4.9.6
cpe:/o:freebsd:freebsd:4.4  FreeBSD 4.4
cpe:/o:freebsd:freebsd:4.5  FreeBSD 4.5
cpe:/a:isc:bind:4.9.10  ISC BIND 4.9.10

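- OVAL (technical details for detection)

oval:org.mitre.oval:def:2539  BIND SIG Resource Records Buffer Overflow
*OVAL describes in detail how to detect this vulnerability; more technical details on detection can be found in the related OVAL definition.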

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1219
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-1219
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200211-055
(Official data source) CNNVD

- Other links and resources

ftp://patches.sgi.com/support/free/security/advisories/20021201-01-P
(UNKNOWN)  SGI  20021201-01-P
http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21469
(VENDOR_ADVISORY)  ISS  20021112 Multiple Remote Vulnerabilities in BIND4 and BIND8
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000546
(UNKNOWN)  CONECTIVA  CLA-2002:546
http://lists.apple.com/archives/Security-announce/2002/Nov/msg00000.html
(UNKNOWN)  APPLE  2002-11-21
http://marc.info/?l=bugtraq&m=103713117612842&w=2
(UNKNOWN)  BUGTRAQ  20021112 [Fwd: Notice of serious vulnerabilities in ISC BIND 4 & 8]
http://marc.info/?l=bugtraq&m=103763574715133&w=2
(UNKNOWN)  BUGTRAQ  20021118 TSLSA-2002-0076 - bind
http://online.securityfocus.com/advisories/4999
(UNKNOWN)  COMPAQ  SSRT2408
http://online.securityfocus.com/archive/1/300019
(UNKNOWN)  BUGTRAQ  20021115 [OpenPKG-SA-2002.011] OpenPKG Security Advisory (bind, bind8)
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F48818
(UNKNOWN)  CONFIRM  http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F48818
http://www.cert.org/advisories/CA-2002-31.html
(UNKNOWN)  CERT  CA-2002-31
http://www.ciac.org/ciac/bulletins/n-013.shtml
(UNKNOWN)  CIAC  N-013
http://www.debian.org/security/2002/dsa-196
(UNKNOWN)  DEBIAN  DSA-196
http://www.isc.org/products/BIND/bind-security.html
(VENDOR_ADVISORY)  CONFIRM  http://www.isc.org/products/BIND/bind-security.html
http://www.kb.cert.org/vuls/id/852283
(UNKNOWN)  CERT-VN  VU#852283
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-077.php
(UNKNOWN)  MANDRAKE  MDKSA-2002:077
http://www.securityfocus.com/bid/6160
(UNKNOWN)  BID  6160
http://xforce.iss.net/xforce/xfdb/10304
(UNKNOWN)  XF  bind-sig-rr-bo(10304)

- Vulnerability information

ISC BIND SIG cached resource record remote buffer overflow vulnerability
High risk  Boundary condition error
2002-11-29 00:00:00 2005-05-13 00:00:00
Remote
        
        

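- Advisories and patches

        Workarounds:
        If you cannot install the patch or upgrade immediately, CNNVD recommends the following measures to reduce the threat:
        * If you do not need to provide recursive queries, you can disable them. In most cases recursive queries can be disabled.
         The steps are as follows:
         <1> BIND 8 series
         Open the BIND configuration file named.conf (for example /etc/named.conf)
         Add the following line to the options section:
         recursion no;
         For example:
         options {
         ...
         recursion no;
         ...
         };
         <2> BIND 4 series
         Open the BIND configuration file named.boot
         Add the following line:
         options no-recursion
        
         Restart the BIND service for the change to take effect.
        * If you must provide recursive query service, you can filter access to TCP port 53 of the DNS server at a gateway device or perimeter firewall.
         According to analysis by the ISS X-Force team, the currently known attack method is carried out by sending TCP packets.
         Except when sending very large DNS messages or performing zone transfers between master and slave DNS servers, UDP transport is generally sufficient. So if you can neither install the patch immediately nor disable recursive queries, you can reduce the likelihood of attack by filtering TCP port 53.
         Note that this only reduces the possibility of attack and does not eliminate it.
        * Upgrade to BIND 9, for example BIND 9.2.1:
         ftp://ftp.isc.org/isc/bind9/9.2.1/bind-9.2.1.tar.gz
        Vendor patches:
        ISC
        ---
        ISC has fixed this vulnerability in BIND 4.9.11, 8.2.7 and 8.3.4. If you only want to install a patch for your current BIND system, the patch files are available at the following link:
        
        http://www.isc.org/products/BIND/bind-security.html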

- Vulnerability information

869
ISC BIND named SIG Resource Server Response RR Overflow
Input Manipulation
Loss of Integrity

- Vulnerability description

This system appears to be running a version of BIND that is vulnerable to a remote buffer overflow in the code that creates response messages for SIG record requests. This vulnerability affects BIND versions 4.9.5 to 4.9.10, as well as versions 8.1 to 8.3.3.

- Timeline

2002-11-12 Unknown
Unknown Unknown

- Solution

Please upgrade to BIND 4.9.11 or 8.3.4 (or BIND 9), depending on which version you are using. More information about this vulnerability can be found at the vendor's web site: http://www.isc.org/products/BIND/bind-security.html

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

ISC BIND SIG Cached Resource Record Buffer Overflow Vulnerability
Boundary Condition Error 6160
Yes No
2002-11-12 12:00:00 2009-07-11 07:16:00
Discovery of this vulnerability credited to Neel Mehta of ISS X-Force.

- Affected software versions

Sun Solaris 9_x86
Sun Solaris 9
Sun Solaris 8_x86
Sun Solaris 8_sparc
Sun Solaris 7.0_x86
Sun Solaris 7.0
Sun Cobalt RaQ XTR
SGI IRIX 6.5.18
SGI IRIX 6.5.17
SGI IRIX 6.5.16
SGI IRIX 6.5.15
SGI IRIX 6.5.14
SGI IRIX 6.5.13
SGI IRIX 6.5.12
SGI IRIX 6.5.11
SGI IRIX 6.5.10
SGI IRIX 6.5.9
SGI IRIX 6.5.8
SGI IRIX 6.5.7
SGI IRIX 6.5.6
SGI IRIX 6.5.5
SGI IRIX 6.5.4
SGI IRIX 6.5.3
SGI IRIX 6.5.2
SGI IRIX 6.5.1
SGI IRIX 6.5
SCO Open Server 5.0.7
SCO Open Server 5.0.6
SCO Open Server 5.0.5
Openwall Openwall GNU/*/Linux (Owl)-current
OpenBSD OpenBSD 3.2
OpenBSD OpenBSD 3.1
OpenBSD OpenBSD 3.0
ISC BIND 8.3.3
ISC BIND 8.3.2
+ FreeBSD FreeBSD 4.6 -RELEASE
+ FreeBSD FreeBSD 4.6
ISC BIND 8.3.1
ISC BIND 8.3.0
ISC BIND 8.2.6
+ Conectiva Linux 6.0
+ OpenPKG OpenPKG 1.0
+ Trustix Secure Linux 1.5
+ Trustix Secure Linux 1.2
ISC BIND 8.2.5
+ OpenPKG OpenPKG 1.0
+ Trustix Secure Linux 1.5
ISC BIND 8.2.4
+ S.u.S.E. Linux 8.1
+ S.u.S.E. Linux 8.0
+ S.u.S.E. Linux 7.3 sparc
+ S.u.S.E. Linux 7.3 ppc
+ S.u.S.E. Linux 7.3
+ Trustix Secure Linux 1.2
ISC BIND 8.2.3
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Server 3.1
+ Caldera OpenLinux Workstation 3.1.1
+ Caldera OpenLinux Workstation 3.1
+ Debian Linux 2.2
+ EnGarde Secure Linux 1.0.1
+ Immunix Immunix OS 7+
ISC BIND 8.2.2
ISC BIND 8.2.1
ISC BIND 8.2
- Caldera OpenLinux 2.2
- Caldera OpenLinux 1.3
- Caldera UnixWare 7.1.1
- IBM AIX 4.3.3
- IBM AIX 4.3.2
- IBM AIX 4.3.1
- IBM AIX 4.3
- RedHat Linux 6.1 i386
- RedHat Linux 6.0
- RedHat Linux 5.2 i386
- RedHat Linux 5.1
- RedHat Linux 5.0
- RedHat Linux 4.2
- RedHat Linux 4.1
- RedHat Linux 4.0
- Slackware Linux 4.0
ISC BIND 4.9.10 OW2
ISC BIND 4.9.10
ISC BIND 4.9.9
ISC BIND 4.9.8
ISC BIND 4.9.7
+ HP HP-UX 11.0 4
+ HP HP-UX 11.0
+ HP HP-UX 10.24
+ HP HP-UX 10.20
+ HP HP-UX 10.10
ISC BIND 4.9.6
ISC BIND 4.9.5
ISC BIND 4.9.4
ISC BIND 4.9.3
ISC BIND 4.9
HP HP-UX 11.22
HP HP-UX 11.11
HP HP-UX 11.0 4
HP HP-UX 11.0
HP HP-UX 10.24
HP HP-UX 10.20
HP HP-UX 10.10
FreeBSD FreeBSD 4.7
FreeBSD FreeBSD 4.6
FreeBSD FreeBSD 4.5
FreeBSD FreeBSD 4.4
Compaq Tru64 5.1 b PK1 (BL1)
Compaq Tru64 5.1 b
Compaq Tru64 5.1 a PK3 (BL3)
Compaq Tru64 5.1 a PK2 (BL2)
Compaq Tru64 5.1 a PK1 (BL1)
Compaq Tru64 5.1 a
Compaq Tru64 5.1 PK5 (BL19)
Compaq Tru64 5.1 PK4 (BL18)
Compaq Tru64 5.1 PK3 (BL17)
Compaq Tru64 5.1
Compaq Tru64 5.0 a PK3 (BL17)
Compaq Tru64 5.0 a
Compaq Tru64 4.0 g PK3 (BL17)
Compaq Tru64 4.0 g
Compaq Tru64 4.0 f PK7 (BL18)
Compaq Tru64 4.0 f PK6 (BL17)
Compaq Tru64 4.0 f
Astaro Security Linux 3.2 11
Astaro Security Linux 3.2 10
Astaro Security Linux 3.2 00
Astaro Security Linux 2.0 30
Astaro Security Linux 2.0 27
Astaro Security Linux 2.0 26
Astaro Security Linux 2.0 25
Astaro Security Linux 2.0 24
Astaro Security Linux 2.0 23
Astaro Security Linux 2.0 16
Apple Mac OS X 10.2
Apple Mac OS X 10.1
Apple Mac OS X 10.0

- Unaffected software versions

SGI IRIX 6.5.19
ISC BIND 9.2.1
+ Caldera OpenUnix 8.0
+ MandrakeSoft Single Network Firewall 7.2
+ Mandriva Linux Mandrake 7.2
+ SCO Unixware 7.1.3
ISC BIND 9.2
+ Conectiva Linux 8.0
+ Conectiva Linux 8.0
+ HP HP-UX 11.11
+ HP HP-UX 11.11
+ HP HP-UX 11.0
+ HP HP-UX 11.0
+ Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.1
+ RedHat Linux 7.3 i386
+ RedHat Linux 7.3
+ RedHat Linux 7.3
ISC BIND 9.1.3
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.2 i686
+ RedHat Linux 7.2 i586
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.2
+ S.u.S.E. Linux 8.0 i386
+ S.u.S.E. Linux 8.0
+ S.u.S.E. Linux 7.3 sparc
+ S.u.S.E. Linux 7.3 ppc
+ S.u.S.E. Linux 7.3 i386
+ S.u.S.E. Linux 7.3
ISC BIND 9.1.2
+ Conectiva Linux 7.0
+ S.u.S.E. Linux 7.2 i386
+ S.u.S.E. Linux 7.2
ISC BIND 9.1.1
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
ISC BIND 9.1
+ Caldera OpenUnix 8.0
+ HP Secure OS software for Linux 1.0
+ RedHat Linux 7.1 ia64
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 alpha
+ RedHat Linux 7.1
+ S.u.S.E. Linux 7.1 x86
+ S.u.S.E. Linux 7.1 sparc
+ S.u.S.E. Linux 7.1 ppc
+ S.u.S.E. Linux 7.1 alpha
+ S.u.S.E. Linux 7.1
ISC BIND 9.0
+ S.u.S.E. Linux 7.0 sparc
+ S.u.S.E. Linux 7.0 ppc
+ S.u.S.E. Linux 7.0 i386
+ S.u.S.E. Linux 7.0 alpha
+ S.u.S.E. Linux 7.0
ISC BIND 8.3.4
+ Apple Mac OS X 10.2.4
+ Apple Mac OS X 10.2.3
+ Apple Mac OS X Server 10.2.4
+ Apple Mac OS X Server 10.2.3
+ S.u.S.E. Linux Personal 8.2
ISC BIND 8.2.7
ISC BIND 4.9.11
Astaro Security Linux 3.2 12

- Discussion

It has been reported that DNS servers, running BIND with recursive DNS functionality enabled, are prone to a buffer overflow condition.

An attacker-controlled authoritative DNS server may cause BIND to cache information into an internal database, when recursion is enabled. A buffer overflow vulnerability exists when the DNS server constructs a response to a client request for cached information.

Exploitation of this issue could result in the execution of arbitrary attacker-supplied code with the privileges of the vulnerable BIND daemon.

It should be noted that recursive DNS functionality is enabled by default.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

Sun have released a security update to address this issue in the RAQ XTR. Please see references section for further details. A fix is linked below.

SCO has released a security advisory to address this issue in OpenServer (CSSA-2003-SCO.17.1). Further information relating to obtaining and applying fixes can be found in the referenced advisory.

HP has released a revised advisory (HPSBUX0208-209(rev.15)) to address this issue in affected HP-UX systems. Customers who are affected by this issue are advised to apply appropriate patches. Further information regarding obtaining and applying patches is available in the referenced advisory.

HP has released an updated advisory HPSBUX0208-209(rev.14) for HP-UX systems. Preliminary updates for HP-UX 11 and 11.11 are available. Further information on obtaining and applying fixes is available in the referenced HP advisory (HPSBUX0208-209).

ISC has stated that new versions of BIND 4 and 8 will be available in the near future. Users are advised to contact ISC for further details. ISC has released patches for some versions.

FreeBSD has released an advisory. Users are advised to update systems to the 4.7-STABLE branch or to the appropriate RELENG_4_x branch dated after the correction date. A patch is also available. Further details on obtaining and applying fixes can be found in the referenced advisory.

EnGarde Secure Linux has released an advisory. Further information about obtaining and applying fixes can be found in the referenced advisory.

SuSE has released an advisory. Updated packages are available. Further information about obtaining and applying fixes can be found in the referenced advisory.

Mandrake has released an advisory (MDKSA-2002:077) containing fix information. Further information about obtaining and applying fixes can be found in the referenced advisory.

Debian has released an advisory (DSA 196-1) containing fix information. Further information about obtaining and applying fixes can be found in the referenced advisory.

Conectiva has released an advisory (CLA-2002:546) containing fix information. Further information about obtaining and applying fixes can be found in the referenced advisory.

OpenPKG has released an advisory containing upgrades for this and other vulnerabilities. OpenPKG 1.0 users are advised to upgrade to the bind-8.2.6-1.0.2 package or later. OpenPKG 1.1 users are advised to upgrade to the bind8-8.3.3-1.1.1 package or later. OpenPKG CURRENT users are advised to upgrade to the bind8-8.3.3-20021114 package or later. bind-9.2.1-1.1.0 packages are also available for OpenPKG 1.1/CURRENT. Further details on obtaining and applying fixes can be found in the attached reference.

This issue is present in Astaro Security Linux versions prior to Up2Date 3.212. Up2Date 3.211 is the minimum version required for users to install Up2Date 3.212.

Trustix Secure Linux has released an advisory. Further details about obtaining and applying fixes can be found in the referenced advisory.

NetBSD has released an advisory. Details about upgrading vulnerable packages through CVS can be found in the referenced advisory.

SGI has released an advisory, and advised vulnerable users to apply patch 4881 to execute the server in a chroot environment. This patch does not fix the vulnerability, but does limit the impact of exploitation. SGI has reported this vulnerability will be fixed in IRIX 6.5.19.

SCO has released an advisory and fixes for OpenLinux (CSSA-2002-059.0). Users are advised to upgrade as soon as possible.

SCO has released a security advisory for UnixWare (CSSA-2003-SCO.2). Information on obtaining and applying fixes can be found in the referenced advisory.

Sun recommends disabling recursion if not needed. Patches are available.

Apple has patched this issue in MacOS X versions 10.2.3 and later. See referenced web page for additional details.

Fixes are available:


OpenBSD OpenBSD 3.2

Sun Solaris 8_sparc

OpenBSD OpenBSD 3.0

Sun Cobalt RaQ XTR

Sun Solaris 7.0

Sun Solaris 9

Sun Solaris 9_x86

Sun Solaris 7.0_x86

OpenBSD OpenBSD 3.1

Sun Solaris 8_x86

HP HP-UX 10.10

HP HP-UX 10.20

HP HP-UX 11.0 4

HP HP-UX 11.0

HP HP-UX 11.11

HP HP-UX 11.22

Compaq Tru64 4.0 f PK6 (BL17)

Compaq Tru64 4.0 f

Compaq Tru64 4.0 g PK3 (BL17)

Compaq Tru64 4.0 g

Compaq Tru64 4.0 f PK7 (BL18)

FreeBSD FreeBSD 4.4

FreeBSD FreeBSD 4.5

FreeBSD FreeBSD 4.6

FreeBSD FreeBSD 4.7

ISC BIND 4.9.10

ISC BIND 4.9.7

Compaq Tru64 5.0 a PK3 (BL17)

Compaq Tru64 5.0 a

Compaq Tru64 5.1 b PK1 (BL1)

Compaq Tru64 5.1 a PK1 (BL1)

Compaq Tru64 5.1 a PK2 (BL2)

Compaq Tru64 5.1 PK3 (BL17)

Compaq Tru64 5.1 PK4 (BL18)

Compaq Tru64 5.1 a

Compaq Tru64 5.1

Compaq Tru64 5.1 PK5 (BL19)

Compaq Tru64 5.1 a PK3 (BL3)

Compaq Tru64 5.1 b

ISC BIND 8.2.3

ISC BIND 8.2.4

ISC BIND 8.2.6

- Related references

 

 
