Patch-ID# 106865-02
Keywords: security BIND denial query in.named crash root
Synopsis: SunOS 4.1.3_U1: in.named security fixes
Date: Dec/04/98

Solaris Release: 1.1.1A

SunOS Release: 4.1.3_U1A

Unbundled Product:

Unbundled Release:

Relevant Architectures: sparc
NOTE: sun4(all)

BugId's fixed with this patch: 4127017 4127028 4068577 4133571

Changes incorporated in this version:

Patches accumulated and obsoleted by this patch: 101838-01

Patches which conflict with this patch:

Patches required with this patch:

Obsoleted by:

Files included with this patch:

in.named
in.named-xfer
nslookup
nstest
man/IN.NAMED
man/IN.NAMED-XFER
man/NSLOOKUP
man/RESOLV.CONF
man/RESOLVER

Problem Description:

4127017 Inverse Query in BIND can crash system or gives root access to an attacker
4127028 BIND does not properly bounds check memory references in server and resolver
4068577 libresolv.so.2 buffer overflow vulnerability per SNI-12 bulletin
4133571 BIND has /tmp vulnerabilities

Patch Installation Instructions:

1) As root, save copies of the original files:

        mv /usr/etc/in.named /usr/etc/in.named.FCS
        chmod 700 /usr/etc/in.named.FCS
        mv /usr/etc/in.named-xfer /usr/etc/in.named-xfer.FCS
        chmod 700 /usr/etc/in.named-xfer.FCS
        mv /usr/etc/nslookup /usr/etc/nslookup.FCS
        chmod 700 /usr/etc/nslookup.FCS
        mv /usr/etc/nstest /usr/etc/nstest.FCS
        chmod 700 /usr/etc/nstest.FCS

2) Install the new files from the patch directory.

        cp in.named /usr/etc
        chmod 755 /usr/etc/in.named
        chown root.staff /usr/etc/in.named
        cp in.named-xfer /usr/etc
        chmod 755 /usr/etc/in.named-xfer
        chown root.staff /usr/etc/in.named-xfer
        cp nslookup /usr/etc
        chmod 755 /usr/etc/nslookup
        chown root.staff /usr/etc/nslookup
        cp nstest /usr/etc/
        chmod 755 /usr/etc/nstest
        chown root.staff /usr/etc/nstest

   New man pages are available in catman format.
   If the catman directories do not exist (/usr/share/cat*),
   then create them manually:

        mkdir /usr/share/man/cat3
        mkdir /usr/share/man/cat5
        mkdir /usr/share/man/cat8

   Then, copy the new files:

        cp man/IN.NAMED /usr/share/man/cat8/in.named.8c
        cp man/IN.NAMED-XFER /usr/share/man/cat8/in.named-xfer.8c
        cp man/NSLOOKUP /usr/share/man/cat8/nslookup.8c
        cp man/RESOLV.CONF /usr/share/man/cat5/resolv.conf.5
        cp man/RESOLVER /usr/share/man/cat3/resolver.3

   The file attributes for man pages should be
        -r--r--r-- root staff

   Then move the old man pages into an archive directory:

        mkdir /usr/share/man/oldman
        mv /usr/share/man/man8/in.named.8c /usr/share/man/oldman/.
        mv /usr/share/man/man8/in.named-xfer.8c /usr/share/man/oldman/.
        mv /usr/share/man/man8/nslookup.8c /usr/share/man/oldman/.
        mv /usr/share/man/man5/resolv.conf.5 /usr/share/man/oldman/.
        mv /usr/share/man/man3/resolver.3 /usr/share/man/oldman/.

3) Reboot the system or kill and restart /usr/etc/in.named.
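
The following post-install check is an added example, not part of the patch README: it audits the file modes the installation steps call for (755 on the four installed binaries, 700 on the saved .FCS originals, -r--r--r-- on the catman pages) and also flags unexpected setuid/setgid bits. The function names and the root-prefix argument are assumptions of this example, and ownership (root staff) is not checked.

```sh
#!/bin/sh
# Added example (not from the patch README): audit the modes the
# installation steps set. Function names and the root-prefix argument
# are assumptions of this example. Ownership is not checked.

# mode_of PATH: print the octal mode, derived from `ls -ld` so it also
# works where stat(1) does not exist. Prints nothing if PATH is missing.
mode_of() {
    ls -ld "$1" 2>/dev/null | awk '{
        p = substr($1, 2, 9); m = 0; sp = 0
        for (i = 1; i <= 9; i++) {
            c = substr(p, i, 1)
            m = m * 2 + (index("-ST", c) == 0)        # r/w/x bit set?
            if (index("sStT", c) > 0)                 # setuid/setgid/sticky
                sp += (i == 3 ? 4 : (i == 6 ? 2 : 1))
        }
        printf "%o\n", sp * 512 + m
    }'
}

# check PATH MODE: report and count a finding when the mode differs.
check() {
    got=$(mode_of "$1")
    [ "$got" = "$2" ] && return 0
    echo "MISMATCH $1: mode ${got:-missing}, expected $2"
    bad=$((bad + 1))
}

# audit_patch ROOT: returns the number of findings (0 = as documented).
audit_patch() {
    bad=0
    for f in in.named in.named-xfer nslookup nstest; do
        check "$1/usr/etc/$f" 755        # patched binaries
        check "$1/usr/etc/$f.FCS" 700    # saved originals, root only
    done
    for f in cat8/in.named.8c cat8/in.named-xfer.8c cat8/nslookup.8c \
             cat5/resolv.conf.5 cat3/resolver.3; do
        check "$1/usr/share/man/$f" 444  # -r--r--r--
    done
    return $bad
}

# Run as a script: sh audit.sh /    (or a staged copy of the tree)
if [ $# -gt 0 ]; then audit_patch "$1"; fi
```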