MediumCheck or Attack Name: Bind DoS
A malicious remote user can format a DNS message that would cause BIND 4.9 and BIND 8 servers to read from invalid memory locations. This action will crash the BIND server. This vulnerability does not provide the attacker access to the system.
Any system running BIND 4.9 prior to 4.9.7 or BIND 8 prior to 8.1.2 is vulnerable.
Upgrade to BIND 8.1.2 and BIND 4.9.7 at http://www.isc.org/new-bind.html.
Vendor-specific instructions for resolving this issue are as follows:
Caldera Corporation: Upgrade to the bind-8.1.1-5 packages. They can be found on Caldera's FTP site at ftp://ftp.caldera.com/pub/OpenLinux/updates/1.2/006/RPMS. The corresponding source code can be found at ftp://ftp.caldera.com/pub/OpenLinux/updates/1.2/006/SRPMS.
Data General: Fixed in revision R4.20MU04 of DG/UX. Patches are available for earlier revisions. R4.20MU01: tcpip_R4.20MU01.p10; R4.20MU02: tcpip_R4.20MU02.p09; R4.20MU03: tcpip_R4.20MU03.p01; R4.11MU05: tcpip_R4.11MU05.p09; R4.12MU03: tcpip_R4.12MU03.p02.
Hewlett-Packard Company: HP9000 Series 700/800 running HP-UX releases 9.X, 10.X, and 11.00 are vulnerable. Patches are as follows: HP-UX 9.0, 9.01, 9.03, 9.04, 9.05, and 9.07: PHNE_13187; HP-UX 10.00, 10.01, 10.10, and 10.20: PHNE_14617; HP-UX 10.16: PHNE_16232; HP-UX 10.24: PHNE_16204; HP-UX 11.00: PHNE_12957.
IBM: Obtain and install patches for these operating system versions: AIX 4.1.x: IX76958; AIX 4.2.x: IX76959; AIX 4.3.x: IX76962 (this is BIND 8.1.2).
NEC: Patches are available at ftp://ftp.meshnet.or.jp/pub/48pub/security. Read the README file for FTP server file structure and the location of the patch for your operating system and version.
Red Hat Software, Inc.: Patches are available for Red Hat 4.2 for alpha (ftp://ftp.redhat.com/redhat/updates/4.2/alpha/bind-4.9.7-0.alpha.rpm), sparc (ftp://ftp.redhat.com/redhat/updates/4.2/sparc/bind-4.9.7-0.sparc.rpm), and i386 (ftp://ftp.redhat.com/redhat/updates/4.2/i386/bind-4.9.7-0.i386.rpm). Patches are available for Red Hat 5.0 for alpha (ftp://ftp.redhat.com/redhat/updates/5.0/alpha/bind-4.9.7-1.alpha.rpm) and i386 (ftp://ftp.redhat.com/redhat/updates/5.0/i386/bind-4.9.7-1.i386.rpm). Patches are available for Red Hat 5.1 for alpha (ftp://ftp.redhat.com/redhat/updates/5.1/alpha/bind-4.9.7-1.alpha.rpm), i386 (ftp://ftp.redhat.com/redhat/updates/5.1/i386/bind-4.9.7-1.i386.rpm), and sparc (ftp://ftp.redhat.com/redhat/updates/5.1/sparc/bind-4.9.7-1.sparc.rpm).
Santa Cruz Operation, Inc.: Binary versions of BIND 4.9.7 are available from the SCO ftp site at ftp://ftp.sco.com/SSE/sse012.ltr (cover letter) and ftp://ftp.sco.com/SSE/sse012.tar.Z (replacement binaries for SCO Open Desktop/Open Server 3.0, SCO Unix 3.2v4, SCO OpenServer 5.0, SCO UnixWare 2.1, and SCO UnixWare 7).
Silicon Graphics, Inc.: IRIX 3.x, IRIX 4.x, IRIX 5.0.x, IRIX 5.1.x, IRIX 5.2, IRIX 6.0.x, IRIX 6.1: upgrade to currently supported IRIX operating system. Install indicated patch ID for these OS versions: IRIX 5.3 (3123), IRIX 6.2 (3117), IRIX 6.3 (2740), IRIX 6.4 (2741). IRIX 6.5 is not vulnerable.
CERT Advisory CA-98.05, Multiple Vulnerabilities in BIND, http://www.cert.org/ftp/cert_advisories/CA-98.05.bind_problems
Hewlett-Packard Security Bulletin HPSBUX9808-083, Security Vulnerability in BIND on HP-UX, http://us-support.external.hp.com/
Silicon Graphics Inc. Security Advisory 19980603-01-PX, IRIX BIND DNS Vulnerabilities, ftp://sgigate.sgi.com/security/19980603-01-PX
