Patch-ID# 106866-02
Keywords: security BIND denial query in.named crash root
Synopsis: SunOS 4.1.4: in.named security fixes
Date: Dec/04/98

Solaris Release: 1.1.2

SunOS Release: 4.1.4

Unbundled Product: 

Unbundled Release: 

Relevant Architectures: sparc
    NOTE: sun4(all)

BugId's fixed with this patch: 4127017 4127028 4068577 4133571

Changes incorporated in this version: 

Patches accumulated and obsoleted by this patch: 

Patches which conflict with this patch: 

Patches required with this patch: 

Obsoleted by: 

Files included with this patch:  in.named
				 in.named-xfer
				 nslookup
				 nstest
				 man/IN.NAMED
				 man/IN.NAMED-XFER
				 man/NSLOOKUP
				 man/RESOLV.CONF
				 man/RESOLVER

Problem Description: 

4127017 Inverse Query in BIND can crash system or gives root access to an attacker
4127028 BIND does not properly bounds check memory references in server and resolver
4068577 libresolv.so.2 buffer overflow vulnerability per SNI-12 bulletin
4133571 BIND has /tmp vulnerabilities

Patch Installation Instructions: 

1) As root, save copies of the original files:

     mv /usr/etc/in.named /usr/etc/in.named.FCS
     chmod 700 /usr/etc/in.named.FCS
     mv /usr/etc/in.named-xfer /usr/etc/in.named-xfer.FCS
     chmod 700 /usr/etc/in.named-xfer.FCS
     mv /usr/etc/nslookup /usr/etc/nslookup.FCS
     chmod 700 /usr/etc/nslookup.FCS
     mv /usr/etc/nstest /usr/etc/nstest.FCS
     chmod 700 /usr/etc/nstest.FCS
     
2) Install the new files from the patch directory:  
   
     cp in.named /usr/etc
     chmod 755 /usr/etc/in.named
     chown root.staff /usr/etc/in.named
     cp in.named-xfer /usr/etc
     chmod 755 /usr/etc/in.named-xfer
     chown root.staff /usr/etc/in.named-xfer
     cp nslookup /usr/etc
     chmod 755 /usr/etc/nslookup
     chown root.staff /usr/etc/nslookup
     cp nstest /usr/etc/
     chmod 755 /usr/etc/nstest
     chown root.staff /usr/etc/nstest

     New man pages are available in catman format.  If the catman
     directories do not exist (/usr/share/cat*), then create them
     manually:

     mkdir /usr/share/man/cat3
     mkdir /usr/share/man/cat5
     mkdir /usr/share/man/cat8

     Then, copy the new files:

     cp man/IN.NAMED /usr/share/man/cat8/in.named.8c
     cp man/IN.NAMED-XFER /usr/share/man/cat8/in.named-xfer.8c
     cp man/NSLOOKUP /usr/share/man/cat8/nslookup.8c
     cp man/RESOLV.CONF /usr/share/man/cat5/resolv.conf.5
     cp man/RESOLVER /usr/share/man/cat3/resolver.3
     
     The file attributes for man pages should be
     -r--r--r--   root  staff

     Then move the old man pages into an archive directory:

     mkdir /usr/share/man/oldman
     mv /usr/share/man/man8/in.named.8c /usr/share/man/oldman/.
     mv /usr/share/man/man8/in.named-xfer.8c /usr/share/man/oldman/.
     mv /usr/share/man/man8/nslookup.8c /usr/share/man/oldman/.
     mv /usr/share/man/man5/resolv.conf.5 /usr/share/man/oldman/.
     mv /usr/share/man/man3/resolver.3 /usr/share/man/oldman/.

3) Reboot the system or kill and restart /usr/etc/in.named.
