V50_SSRT0636U Security Vulnerabilities in BIND on Tru64 UNIX V5.0
 Multiple Security Vulnerabilities in BIND 

TITLE: V50_SSRT0636U Security Vulnerabilities in BIND on Tru64 UNIX V5.0
 
Copyright (c) COMPAQ Computer Corporation 2000.  All rights reserved.

Modification Date: 04-FEB-2000
Modification Type: Updated Security Patch


DATE:   Feb. 4, 2000
TITLE:  Multiple Security Vulnerabilities in BIND 
X-REF:  SSRT0636U, CERT Advisory CA-99.14,  ISC Advisory 
        dated Nov 8, 1999 
 
PATCH IDENTIFIER: V50_SSRT0636U.tar
          
SOURCE: Compaq Computer Corporation
        Software Security Response Team 
                  
 "Compaq is broadly distributing this Security Advisory in order
 to bring to the attention of users of Compaq products the
 important security information contained in this Advisory. 
 Compaq recommends that all users determine the applicability of
 this information to their individual situations and take
 appropriate action.
 
 Compaq does not warrant that this information is necessarily
 accurate or complete for all user situations and, consequently,
 Compaq will not be responsible for any damages resulting from
 user's use or disregard of the information provided in this
 Advisory."
 
-------------------------------------------------------------------------
IMPACT:
                                                                       
Versions Affected:  Compaq's Tru64 UNIX V5.0


This patch resolves the potential reported vulnerability with the 
'maxdname' bug (problem #6 in the list below) for Tru64 UNIX V5.0. 


*** TCP/IP installations for Compaq's OpenVMS Alpha and OpenVMS VAX 
    are not Vulnerable to these reported problems.


Issues/Problem & Severity                       Impacts
(See Attachement for details)    Tru64 UNIX V4.0D-       Tru64 UNIX V5.0
                                            V4.0F

1."nxt bug"(critical)                    No                No
2."solinger bug"(serious)                No                Yes
3."fdmax bug"(serious)                   No                Yes
4."sig bug"(serious)                     No                No
5."naptr bug" (minor)                    No                Yes
6."maxdname bug" (minor)                 Yes               Yes



-------------------------------------------------------------------------
RESOLUTION:

A patch is available for Tru64 UNIX V5.0 with DUpatchkit BL1 installed.  
See the attachment for a list of all of the reported Tru64 UNIX Bind issues 
described in the advisory postings and Compaq's solution or workarounds.

Note: The solution provided in this kit will be included in a future 
      distributed DUpatchkit and future release of Compaq's Tru64 UNIX 
      accordingly.
 
This patch kit may be obtained from the World Wide Web at the
following FTP address:
 
       http://www.support.compaq.com/patches
 
 Patch file name: V50_SSRT0636U.tar 
 
 Use the FTP access option, select DIGITAL_UNIX directory
 then choose the appropriate version directory and
 download the patch accordingly. 
 
  Note: The README file with this patch is included 
        as part of the V50_SSRT0636U.tar file.
 

INSTALLATION INSTRUCTIONS:

Notice this patch includes two named objects and two library objects with
specific instructions for installing each of them.

Assume the patch files are in the directory /patches.

To install the libraries, perform the following.
As root,

  # cd /usr/ccs/lib
  # cp /patches/libc.a libc.a.new
  # chown bin:bin libc.a.new
  # chmod 644 libc.a.new
  # ln libc.a libc.a.orig
  # mv libc.a.new libc.a
  # ln -f libc.a libc_r.a

  # cd /shlib
  # cp /patches/libc.so libc.so.new
  # chown bin:bin libc.so.new
  # chmod 644 libc.so.new
  # ln libc.so libc.so.orig
  # mv libc.so.new libc.so
  # ln -f libc.so libc_r.so

NOTE 1:  Any applications that are linked against the shared
         library (libc.so) that are running at the time the patch
         is installed will continue to use the original version of
         the shared library until they are restarted.

NOTE 2:  On V4.0 and later systems, libc_r.so is now a hard link
         to libc.so and libc.so has been moved from /usr/shlib
         to the new /shilb directory.


To install named, perform the following.
Stop named process.
As root,

# cd /sbin
# mv named named.orig
# cp /patches/v50_named ./named
# chown bin:bin named
# chmod 755 named

# cd /usr/sbin
# mv named named.orig
# cp /patches/v50_usr_named ./named
# mv named-xfer named-xfer.orig
# cp /patches/v50_named-xfer named-xfer
# chown bin:bin named named-xfer
# chmod 755 named named-xfer


  A kernel rebuild is not required, but you must reboot the system
  to encorporate these patches.



 Additional Considerations:
 
 If you need further information, please contact your normal 
 Compaq Services support channel.
 
 Compaq appreciates your cooperation and patience. We regret any
 inconvenience applying this information may cause.
 
 As always, Compaq urges you to periodically review your system
 management and security procedures. 
 
 Compaq will continue to review and enhance the security
 features of its products and work with customers to maintain and
 improve the security and integrity of their systems.
 
-------------------------------------------------------------------------
Compaq shall not be liable for technical or editorial errors or omissions
contained herein.  The information in this document is subject to change
without notice.   Copyright  Compaq Computer Corporation, 2000. 
Unpublished Rights Reserved Under the Copyright Laws of the United States.
-------------------------------------------------------------------------

ATTACHMENT:
 
*NOTE: This information only applies to currently supported versions.
       The following are all of the reported Bind issues described in 
       the recent postings, how it affects Compaq Tru64 Unix, and any 
       possible workarounds.

                             
TCP/IP installations for Compaq's OpenVMS Alpha and OpenVMS VAX 
are not Vulnerable to these reported problems.


#1_______________
Name: "nxt bug"
Severity: CRITICAL
Attack type: remote access

        Compaq Tru64 UNIX  products are not vulnerable to this attack.


#2_______________
Name: "solinger bug"
Severity: SERIOUS
Attack type: Denial of service

   Compaq Tru64 Unix 5.0 is vulnerable to this attack. At this
   time no acceptable workaround is available, but Compaq is working on
   a patch.


#3_______________
Name: "fdmax bug"
Severity: SERIOUS
Attack type: Denial of service

   Compaq Tru64 Unix 5.0 is vulnerable to this attack. Compaq is
   currently working on a patch. In the mean time, a workaround is
   available:

-- add the following statement to the "options" section in named.conf
   { files #; } where # is less then 4096 (for V5.0 systems)


#4_______________
Name: "sig bug"
Severity: SERIOUS
Attack type: Denial of service

        Compaq Tru64 UNIX  products are not vulnerable to this attack.


#5_______________
Name: "naptr bug"
Severity: MINOR
Attack type: Denial of service

   Compaq Tru64 Unix 5.0 is vulnerable to this attack and Compaq is
   currently working on a patch.  In the mean time a workaround is
   available:

-- Make sure that permission level required to modify zone files is
   the same or higher then that of a DNS server. 

Note: Typical permissions on zone files should be 0444 (owner read, 
      group read, all read) and owned by the same user who owns 'named' 
      executable.


#6_______________
Name: "maxdname bug"
Severity: MINOR
Attack type: Denial of service

   Compaq Tru64 Unix products are vulnerable to this attack. 
   Compaq has provided a patch SSRT0636U.tar for Tru64 UNIX 
   V4.0D through V4.0F

Colorado Site
Georgia Site

v50_ssrt0636u.README
v50_ssrt0636u.CHKSUM
v50_ssrt0636u.tar