NetWinder.org - NetWinder security advisory Page

NAVIGATION

About
News
Support

Downloads
- Search
- Mirrors
- Auto update

Documentation
- FAQ
- HOWTOs
- ARM info
- Crusoe info

Development
- Toolchain
- Autobuild
- Users

Sponsored by:

NetWinder security advisory

ID	2001-001
Issued	2001-Jan-31
Updated	2001-Feb-14
Package	bind
Summary	Multiple vulnerabilities in bind
Category	Buffer overflow, input validation
Severity	High (remote privilege escalation)
Products	Developer dm-3.1-15 and earlier
	OfficeServer os-2.0-10 and earlier

DESCRIPTION

CERT reports multiple vulnerabilities bind, version 8.2 and earlier. The problems include two buffer overflows, an input validation error, and leaks via environment variables. For further details please see the CERT advisory.

SOLUTION

Download the following RPM packages to the NetWinder into a temporary directory, then install them with the command "rpm -Uvh *.rpm". Be sure there are no other files ending in ".rpm" in the temporary directory. See http://www.netwinder.org/security/install.html for more help.

Required packages

http://www.netwinder.org/updates/3.1-15/armv4l/bind-8.2.3-1_nw1.armv4l.rpm
http://www.netwinder.org/updates/3.1-15/armv4l/bind-utils-8.2.3-1_nw1.armv4l.rpm

Optional packages

http://www.netwinder.org/updates/3.1-15/armv4l/bind-devel-8.2.3-1_nw1.armv4l.rpm
http://www.netwinder.org/updates/3.1-15/SRPMS/bind-8.2.3-1_nw1.src.rpm

REFERENCES

Cert advisory: http://www.cert.org/advisories/CA-2001-02.html