BIND 4.x and 8.x exposes environment variables

bind-inverse-query-disclosure (6018) Risk level: Medium

Description:

ISC (Internet Software Consortium) BIND could allow a remote attacker to read environment variables from the stack. ISC BIND (Berkeley Internet Name Daemon) is the most popular implementation of the DNS (Domain Name Server) protocol for Unix and Linux DNS servers. A remote attacker can send an inverse query to the BIND server to access the program stack and view environment variables.
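Inverse queries (DNS opcode 1, IQUERY) are almost never seen in legitimate traffic, so flagging IQUERY requests aimed at a pre-9 BIND server is a practical detection while the upgrade is scheduled. The following is an added example, not part of this X-Force entry: it decodes the 12-byte DNS header from RFC 1035, flags requests whose opcode is IQUERY, and runs over a few constructed sample packets (the source addresses and message IDs are made up for illustration).

```python
import struct

HEADER_LEN = 12  # fixed DNS header: ID, flags, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT
OPCODE_IQUERY = 1  # RFC 1035 4.1.1: 0 = QUERY, 1 = IQUERY (inverse query), 2 = STATUS

def parse_dns_header(packet: bytes) -> dict:
    """Decode the 12-byte DNS header into its ID, QR bit, opcode and section counts."""
    if len(packet) < HEADER_LEN:
        raise ValueError("DNS message shorter than the 12-byte header")
    ident, flags, qd, an, ns, ar = struct.unpack("!6H", packet[:HEADER_LEN])
    return {"id": ident,
            "qr": (flags >> 15) & 0x1,      # 0 = request, 1 = response
            "opcode": (flags >> 11) & 0xF,  # 4-bit opcode field
            "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar}

def is_inverse_query(packet: bytes) -> bool:
    """True for a request (QR=0) whose opcode is IQUERY."""
    h = parse_dns_header(packet)
    return h["qr"] == 0 and h["opcode"] == OPCODE_IQUERY

def build_header(ident, opcode, qr=0, qdcount=1, ancount=0) -> bytes:
    """Build a DNS header with RD set; used here only to construct sample traffic."""
    flags = (qr << 15) | ((opcode & 0xF) << 11) | (1 << 8)
    return struct.pack("!6H", ident, flags, qdcount, ancount, 0, 0)

def scan(packets) -> list:
    """Return (source, message id) for every inverse-query request in a capture."""
    alerts = []
    for src, pkt in packets:
        try:
            if is_inverse_query(pkt):
                alerts.append((src, parse_dns_header(pkt)["id"]))
        except ValueError:
            continue  # truncated datagram, not a DNS header
    return alerts

# Constructed sample traffic (not a real capture). An IQUERY carries the RR to
# invert in the answer section, so QDCOUNT=0 and ANCOUNT=1 (RFC 1035 6.4).
SAMPLE_PACKETS = [
    ("192.0.2.10", build_header(0x1001, 0)),                              # ordinary QUERY
    ("192.0.2.20", build_header(0x2002, 1, qdcount=0, ancount=1)),        # IQUERY request
    ("192.0.2.30", build_header(0x3003, 1, qr=1, qdcount=0, ancount=1)),  # IQUERY response
    ("192.0.2.40", b"\x00\x01\x02"),                                      # truncated junk
]

if __name__ == "__main__":
    for src, msg_id in scan(SAMPLE_PACKETS):
        print(f"IQUERY request from {src} (id 0x{msg_id:04x})")
```

Only the request from 192.0.2.20 is reported; the IQUERY response and the truncated datagram are ignored.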


Consequences:

Obtain Information

Remedy:

Upgrade to the latest version of ISC BIND 9 (9.1.0 or later), BIND 8 (8.2.3 or later), or BIND 4 (4.9.8 or later), available from the Internet Software Consortium Web page. See References.

If possible, upgrading to at least BIND 8.2.3 is highly recommended.

For Linux-Mandrake 6.0, 6.1, 7.0, 7.1, 7.2, and Corporate Server 1.0.1:
Upgrade to the latest version of BIND (8.2.3-1 or later) as listed in MandrakeSoft Security Advisory MDKSA-2001:017 : bind. See References.

For Trustix 1.0, 1.1, and 1.2:
Upgrade to the latest version of BIND (8.2.3-1tr or later) as listed in Trustix Security Advisory - bind. See References.

For Slackware Linux 7.1 and -current:
Upgrade to the latest version of BIND (8.2.3 or later), as listed in Slackware Advisory-1121. See References.

For Immunix OS 6.2 and 7.0-beta:
Upgrade to the latest version of BIND (8.2.3-0.6.x or later), as listed in Immunix OS Security Advisory IMNX-2001-70-001-01. See References.

For Red Hat Linux 5.2:
Upgrade to the latest version of BIND (8.2.3-0.5 or later), as listed in RHSA-2001:007-03. See References.

For Red Hat Linux 6.2:
Upgrade to the latest version of BIND (8.2.3-0.6 or later), as listed in RHSA-2001:007-03. See References.

For Red Hat Linux 7.0:
Upgrade to the latest version of BIND (8.2.3-1 or later), as listed in RHSA-2001:007-03. See References.

For Conectiva Linux 4.0, 4.0es, 4.1, 4.2, 5.0, prg gráficos, ecommerce, 5.1, 6.0:
Upgrade to the latest version of BIND (8.2.3-1cl or later), as listed in Conectiva Linux Security Announcement CLA-2001:377. See References.

For FreeBSD 3.x, 4.x, 3.5-STABLE, 4.2-STABLE:
Upgrade to the latest version of BIND (8.2.3 or later), as listed in FreeBSD, Inc. Security Advisory FreeBSD-SA-01:18. See References.

For NetBSD current, 1.4, 1.5:
Upgrade to the latest version of BIND, as listed in NetBSD Security Advisory 2001-001. See References.

For TurboLinux 6.0.5 and earlier:
Upgrade to the latest version of BIND (8.2.3-2 or later), as listed in TurboLinux Security Announcement TLSA2001004-1. See References.

For Caldera UnixWare 7.1.1:
Apply the patch for this vulnerability, as listed in Caldera International, Inc. Security Advisory CSSA-2002-SCO.16. See References.

For Sun Solaris:
Apply the appropriate patch for your system, as listed below. Refer to Sun Alert ID: 26965 for more information. See References.

SPARC Platform:
Solaris 2.4 with patch 102479-14 or later
Solaris 2.5 with patch 103667-12 or later
Solaris 2.5.1 with patch 103663-16 or later
Solaris 2.6 with patch 105755-10 or later
Solaris 7 with patch 107018-03 or later
Solaris 8 with patch 109326-04 or later

Intel Platform:
Solaris 2.4 with patch 102480-12 or later
Solaris 2.5 with patch 103668-12 or later
Solaris 2.5.1 with patch 103664-16 or later
Solaris 2.6 with patch 105756-10 or later
Solaris 7 with patch 107019-03 or later
Solaris 8 with patch 109327-04 or later

For other distributions:
Contact your vendor for upgrade or patch information.

References:

Platforms Affected:

  • Conectiva Linux
  • Debian Debian Linux 2.2
  • FreeBSD FreeBSD
  • Immunix Immunix OS 6.2
  • Immunix Immunix OS 7.0-beta
  • ISC BIND 4.9.3
  • ISC BIND 4.9.5 P1
  • ISC BIND 4.9.5
  • ISC BIND 4.9.6
  • ISC BIND 4.9.7
  • ISC BIND 8.1.2
  • ISC BIND 8.2
  • ISC BIND 8.2.1
  • ISC BIND 8.2.2
  • ISC BIND 8.2.2 P1
  • ISC BIND 8.2.2 P5
  • ISC BIND 8.2.2 P3
  • ISC BIND 8.2.2 P2
  • ISC BIND 8.2.2 P4
  • ISC BIND 8.2.2 P6
  • ISC BIND 8.2.2 P7
  • MandrakeSoft Mandrake Linux
  • RedHat Linux 5.2
  • RedHat Linux 6.2
  • RedHat Linux 7
  • RedHat Linux 7.1
  • RedHat Linux 7.2
  • RedHat Linux 7.3
  • SCO Caldera OpenServer 5.0.6a and prior
  • SCO Caldera UnixWare 7.1.1
  • Slackware Slackware Linux
  • Sun Solaris 1.0
  • Sun Solaris 2.5.1
  • Sun Solaris 2.6
  • Sun Solaris 7.0
  • Sun Solaris 8
  • Trustix Secure Linux
  • Turbolinux Turbolinux

Reported:

Jan 29, 2001

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
