[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] SHP Install Was Cobalt RaQ4 Remote root exploit
- Subject: Re: [cobalt-security] SHP Install Was Cobalt RaQ4 Remote root exploit
- From: Michael Stauber <cobalt@xxxxxxxxxxxxxx>
- Date: Fri, 6 Dec 2002 12:02:40 +0100
- Organization: SOLARSPEED.NET
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Hi Alan,
> >It should be reported as bind-8.2.3-C4, bind-8.3.3-SOL2RaQ34 or
> >bind-8.3.4-SOL1RaQ34. Those versions are fine.
>
> What about
>
> bind-8.2.3-C5stackguard
I just looked into the matter as I wasn't 100% sure about that version.
bind-8.2.3-C5stackguard had been packaged on 12th November 2001 and was part
of the original SHP package.
I also looked into bind-8.2.3-C4 again. That one has been packaged on 18th
September 2001 and it was/is part of RaQ4-All-Security-1.0.1-10749.pkg
Just by looking at the date it does NOT appear as if both fix the
vulnerabilities outlined in the ISS X-Force advisory from 12th November 2002:
http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21469
There are two flaws in Bind 8 prior to 8.3.4 (or a patched 8.3.3). One allows
for a denial of service attack and the other one is a remotely exploitable
buffer overflow.
To me it is unclear to which degree the compilation with Stackguard hardens
bind-8.2.3-C5stackguard against the buffer overflow, but personally speaking
I'd feel insufficiently protected if I had to rely on it.
--
With best regards,
Michael Stauber
mstauber@xxxxxxxxxxxxxx
Unix/Linux Support Engineer