ISC Bind 8 Transaction Signatures Buffer Overflow Vulnerability

Bugtraq ID:	2302
Class:	Boundary Condition Error
CVE:
Remote:	Yes
Local:	No
Published:	Jan 29 2001 12:00AM
Updated:	Jan 29 2001 12:00AM
Credit:	Discovered and documented by Anthony Osborne and John McDonald of the COVERT Labs at PGP Security.
Vulnerable:	ISC BIND 8.2.2 p7 ISC BIND 8.2.2 p6 ISC BIND 8.2.2 p5 + Caldera OpenLinux Desktop 2.3 + Caldera UnixWare 7.1.1 + Debian Linux 2.3 sparc + Debian Linux 2.3 powerpc + Debian Linux 2.3 arm + Debian Linux 2.3 alpha + Debian Linux 2.3 68k + Debian Linux 2.3 + Debian Linux 2.2 sparc + Debian Linux 2.2 powerpc + Debian Linux 2.2 arm + Debian Linux 2.2 alpha + Debian Linux 2.2 68k + Debian Linux 2.2 + IBM AIX 4.3.3 + IBM AIX 4.3.2 + IBM AIX 4.3.1 + IBM AIX 4.3 + MandrakeSoft Corporate Server 1.0.1 + MandrakeSoft Single Network Firewall 7.2 + Mandriva Linux Mandrake 7.2 + Mandriva Linux Mandrake 7.1 + Mandriva Linux Mandrake 7.0 + Mandriva Linux Mandrake 6.1 + Mandriva Linux Mandrake 6.0 + Redhat Linux 7.0 J sparc + Redhat Linux 7.0 J i386 + Redhat Linux 7.0 J alpha + Redhat Linux 7.0 sparc + Redhat Linux 7.0 i386 + Redhat Linux 7.0 alpha + Redhat Linux 6.2 E sparc + Redhat Linux 6.2 E i386 + Redhat Linux 6.2 E alpha + Redhat Linux 6.2 sparc + Redhat Linux 6.2 i386 + Redhat Linux 6.2 alpha + Redhat Linux 6.1 sparc + Redhat Linux 6.1 i386 + Redhat Linux 6.1 alpha + Redhat Linux 6.0 sparc + Redhat Linux 6.0 alpha + Redhat Linux 6.0 + Redhat Linux 5.2 sparc + Redhat Linux 5.2 i386 + Redhat Linux 5.2 alpha + SCO eDesktop 2.4 + SCO eServer 2.3 + SuSE Linux 6.4 ppc + SuSE Linux 6.4 alpha + SuSE Linux 6.4 + SuSE Linux 6.3 alpha + SuSE Linux 6.3 + SuSE Linux 6.2 + SuSE Linux 6.1 alpha + SuSE Linux 6.1 + SuSE Linux 6.0 + Trustix Trustix Secure Linux 1.1 + Trustix Trustix Secure Linux 1.0 ISC BIND 8.2.2 p4 ISC BIND 8.2.2 p3 ISC BIND 8.2.2 p2 ISC BIND 8.2.2 p1 ISC BIND 8.2.2 ISC BIND 8.2.1 ISC BIND 8.2 - Caldera OpenLinux 2.2 - Caldera OpenLinux 1.3 - Caldera UnixWare 7.1.1 - IBM AIX 4.3.3 - IBM AIX 4.3.2 - IBM AIX 4.3.1 - IBM AIX 4.3 - Redhat Linux 6.1 i386 - Redhat Linux 6.0 - Redhat Linux 5.2 i386 - Redhat Linux 5.1 - Redhat Linux 5.0 - Redhat Linux 4.2 - Redhat Linux 4.1 - Redhat Linux 4.0 - Slackware Linux 4.0
Not Vulnerable:	ISC BIND 9.1 + Caldera OpenUnix 8.0 + HP Secure OS software for Linux 1.0 + Redhat Linux 7.1 ia64 + Redhat Linux 7.1 i386 + Redhat Linux 7.1 alpha + Redhat Linux 7.1 + SuSE Linux 7.1 x86 + SuSE Linux 7.1 sparc + SuSE Linux 7.1 ppc + SuSE Linux 7.1 alpha + SuSE Linux 7.1 ISC BIND 9.0 + SuSE Linux 7.0 sparc + SuSE Linux 7.0 ppc + SuSE Linux 7.0 i386 + SuSE Linux 7.0 alpha + SuSE Linux 7.0 ISC BIND 8.2.3 + Caldera OpenLinux Server 3.1.1 + Caldera OpenLinux Server 3.1 + Caldera OpenLinux Workstation 3.1.1 + Caldera OpenLinux Workstation 3.1 + Debian Linux 2.2 + EnGarde Secure Linux 1.0.1 + Immunix Immunix OS 7+

ISC Bind 8 Transaction Signatures Buffer Overflow Vulnerability

BIND is a server program that implements the domain name service protocol. It is in extremely wide use on the Internet, in use by most of the DNS servers. Version 8 of BIND contains a overflow that may be exploitable to remote attackers. Due to a bug that is present when handling invalid transaction signatures, it is possible to overwrite some memory locations with a known value. If the request came in via the UDP transport then the area partially overwriten is a stack frame in named. If the request came in via the TCP transport then the area partically overwriten is in the heap and overwrites malloc's internal variables. This can be exploited to execute shellcode with the privileges of named (typically root).

ISC Bind 8 Transaction Signatures Buffer Overflow Vulnerability

Working exploits for this vulnerability have been published.

• /data/vulnerabilities/exploits/tsig.c

ISC Bind 8 Transaction Signatures Buffer Overflow Vulnerability

Solution:
The ISC strongly recommends upgrading to BIND version 9.1.0. Links to download the upgrade and various vendor-supplied fixes are available.


ISC BIND 8.2

• Caldera ptf7705a.pkg.Z
  ftp://stage.caldera.com/pub/security/unixware/CSSA-2002-SCO.16/ptf7705 a.pkg.Z


• Caldera OpenServer <= 5.0.6a newbind.tar.Z
  ftp://ftp.sco.com/pub/security/openserver/sr379322/newbind.tar.Z


• IBM AIX multiple_bind_vulns_efix.tar.Z
  ftp://ftp.software.ibm.com/aix/efixes/security/multiple_bind_vulns_efi x.tar.Z


• ISC bind-9.1.0.tar.gz
  ftp://ftp.isc.org/isc/bind9/9.1.0/bind-9.1.0.tar.gz

ISC BIND 8.2.1

• Caldera OpenServer <= 5.0.6a newbind.tar.Z
  ftp://ftp.sco.com/pub/security/openserver/sr379322/newbind.tar.Z


• ISC bind-9.1.0.tar.gz
  ftp://ftp.isc.org/isc/bind9/9.1.0/bind-9.1.0.tar.gz

ISC BIND 8.2.2 p1

• Caldera OpenServer <= 5.0.6a newbind.tar.Z
  ftp://ftp.sco.com/pub/security/openserver/sr379322/newbind.tar.Z


• ISC bind-9.1.0.tar.gz
  ftp://ftp.isc.org/isc/bind9/9.1.0/bind-9.1.0.tar.gz

ISC BIND 8.2.2 p3

• Caldera OpenServer <= 5.0.6a newbind.tar.Z
  ftp://ftp.sco.com/pub/security/openserver/sr379322/newbind.tar.Z


• ISC bind-9.1.0.tar.gz
  ftp://ftp.isc.org/isc/bind9/9.1.0/bind-9.1.0.tar.gz

ISC BIND 8.2.2 p6

• Caldera OpenServer <= 5.0.6a newbind.tar.Z
  ftp://ftp.sco.com/pub/security/openserver/sr379322/newbind.tar.Z


• ISC bind-9.1.0.tar.gz
  ftp://ftp.isc.org/isc/bind9/9.1.0/bind-9.1.0.tar.gz

ISC BIND 8.2.2

• Caldera OpenServer <= 5.0.6a newbind.tar.Z
  ftp://ftp.sco.com/pub/security/openserver/sr379322/newbind.tar.Z


• ISC bind-9.1.0.tar.gz
  ftp://ftp.isc.org/isc/bind9/9.1.0/bind-9.1.0.tar.gz


• TurboLinux 6.0 bind-8.2.3-2.i386.rpm
  ftp://ftp.turbolinux.com/pub/updates/6.0/security/bind-8.2.3-2.i386.rp m


• TurboLinux 6.0 bind-contrib-8.2.3-2.i386.rpm
  ftp://ftp.turbolinux.com/pub/updates/6.0/security/bind-contrib-8.2.3-2 .i386.rpm


• TurboLinux 6.0 bind-devel-8.2.3-2.i386.rpm
  ftp://ftp.turbolinux.com/pub/updates/6.0/security/bind-devel-8.2.3-2.i 386.rpm


• TurboLinux 6.0 bind-utils-8.2.3-2.i386.rpm
  ftp://ftp.turbolinux.com/pub/updates/6.0/security/bind-utils-8.2.3-2.i 386.rpm

ISC BIND 8.2.2 p2

• Caldera OpenServer <= 5.0.6a newbind.tar.Z
  ftp://ftp.sco.com/pub/security/openserver/sr379322/newbind.tar.Z


• ISC bind-9.1.0.tar.gz
  ftp://ftp.isc.org/isc/bind9/9.1.0/bind-9.1.0.tar.gz

ISC BIND 8.2.2 p5

• Caldera OpenServer <= 5.0.6a newbind.tar.Z
  ftp://ftp.sco.com/pub/security/openserver/sr379322/newbind.tar.Z


• ISC bind-9.1.0.tar.gz
  ftp://ftp.isc.org/isc/bind9/9.1.0/bind-9.1.0.tar.gz


• Slackware 7.1 i386 bind.tgz
  ftp://ftp.slackware.com/pub/slackware/slackware-7.1/patches/packages/b ind.tgz


• Slackware current i386 bind.tgz
  ftp://ftp.slackware.com/pub/slackware/slackware-current/slakware/n1/bi nd.tgz

ISC BIND 8.2.2 p7

• Caldera OpenServer <= 5.0.6a newbind.tar.Z
  ftp://ftp.sco.com/pub/security/openserver/sr379322/newbind.tar.Z


• Caldera eDesktop 2.4 bind-8.2.3-1.i386.rpm
  ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/RPMS/RPM S/bind-8.2.3-1.i386.rpm


• Caldera eDesktop 2.4 bind-doc-8.2.3-1.i386.rpm
  ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/RPMS/RPM S/bind-doc-8.2.3-1.i386.rpm


• Caldera eDesktop 2.4 bind-utils-8.2.3-1.i386.rpm
  ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/RPMS/RPM S/bind-utils-8.2.3-1.i386.rpm


• Caldera eServer 2.3.1/eBuilder for ECential 3.0 bind-8.2.3-1.i386.rpm
  ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/RPMS/RPMS /bind-8.2.3-1.i386.rpm


• Caldera eServer 2.3.1/eBuilder for ECential 3.0 bind-doc-8.2.3-1.i386.rpm
  ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/RPMS/RPMS /bind-doc-8.2.3-1.i386.rpm


• Caldera eServer 2.3.1/eBuilder for ECential 3.0 bind-utils-8.2.3-1.i386.rpm
  ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/RPMS/RPMS /bind-utils-8.2.3-1.i386.rpm


• Caldera OpenLinux 2.3 bind-8.2.3-1.i386.rpm
  ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/RPMS/RP MS/bind-8.2.3-1.i386.rpm


• Caldera OpenLinux 2.3 bind-doc-8.2.3-1.i386.rpm
  ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/RPMS/RP MS/bind-doc-8.2.3-1.i386.rpm


• Caldera OpenLinux 2.3 bind-utils-8.2.3-1.i386.rpm
  ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/RPMS/RP MS/bind-utils-8.2.3-1.i386.rpm


• Debian 2.2 alpha bind-dev_8.2.3-0.potato.1_alpha.deb
  http://security.debian.org/dists/stable/updates/main/binary-alpha/bind -dev_8.2.3-0.potato.1_alpha.deb


• Debian 2.2 alpha bind_8.2.3-0.potato.1_alpha.deb
  http://security.debian.org/dists/stable/updates/main/binary-alpha/bind _8.2.3-0.potato.1_alpha.deb


• Debian 2.2 alpha dnsutils_8.2.3-0.potato.1_alpha.deb
  http://security.debian.org/dists/stable/updates/main/binary-alpha/dnsu tils_8.2.3-0.potato.1_alpha.deb


• Debian 2.2 arm bind-dev_8.2.3-0.potato.1_arm.deb
  http://security.debian.org/dists/stable/updates/main/binary-arm/bind-d ev_8.2.3-0.potato.1_arm.deb


• Debian 2.2 arm bind_8.2.3-0.potato.1_arm.deb
  http://security.debian.org/dists/stable/updates/main/binary-arm/bind_8 .2.3-0.potato.1_arm.deb


• Debian 2.2 arm dnsutils_8.2.3-0.potato.1_arm.deb
  http://security.debian.org/dists/stable/updates/main/binary-arm/dnsuti ls_8.2.3-0.potato.1_arm.deb


• Debian 2.2 i386 bind-dev_8.2.3-0.potato.1_i386.deb
  http://security.debian.org/dists/stable/updates/main/binary-i386/bind- dev_8.2.3-0.potato.1_i386.deb


• Debian 2.2 i386 bind_8.2.3-0.potato.1_i386.deb
  http://security.debian.org/dists/stable/updates/main/binary-i386/bind_ 8.2.3-0.potato.1_i386.deb


• Debian 2.2 i386 dnsutils_8.2.3-0.potato.1_i386.deb
  http://security.debian.org/dists/stable/updates/main/binary-i386/dnsut ils_8.2.3-0.potato.1_i386.deb


• Debian 2.2 m68k bind-dev_8.2.3-0.potato.1_m68k.deb
  http://security.debian.org/dists/stable/updates/main/binary-m68k/bind- dev_8.2.3-0.potato.1_m68k.deb


• Debian 2.2 m68k bind_8.2.3-0.potato.1_m68k.deb
  http://security.debian.org/dists/stable/updates/main/binary-m68k/bind_ 8.2.3-0.potato.1_m68k.deb


• Debian 2.2 m68k dnsutils_8.2.3-0.potato.1_m68k.deb
  http://security.debian.org/dists/stable/updates/main/binary-m68k/dnsut ils_8.2.3-0.potato.1_m68k.deb


• Debian 2.2 ppc bind-dev_8.2.3-0.potato.1_powerpc.deb
  http://security.debian.org/dists/stable/updates/main/binary-powerpc/bi nd-dev_8.2.3-0.potato.1_powerpc.deb


• Debian 2.2 ppc bind_8.2.3-0.potato.1_powerpc.deb
  http://security.debian.org/dists/stable/updates/main/binary-powerpc/bi nd_8.2.3-0.potato.1_powerpc.deb


• Debian 2.2 ppc dnsutils_8.2.3-0.potato.1_powerpc.deb
  http://security.debian.org/dists/stable/updates/main/binary-powerpc/dn sutils_8.2.3-0.potato.1_powerpc.deb


• Debian 2.2 sparc bind-dev_8.2.3-0.potato.1_sparc.deb
  http://security.debian.org/dists/stable/updates/main/binary-sparc/bind -dev_8.2.3-0.potato.1_sparc.deb


• Debian 2.2 sparc bind_8.2.3-0.potato.1_sparc.deb
  http://security.debian.org/dists/stable/updates/main/binary-sparc/bind _8.2.3-0.potato.1_sparc.deb


• Debian 2.2 sparc dnsutils_8.2.3-0.potato.1_sparc.deb
  http://security.debian.org/dists/stable/updates/main/binary-sparc/dnsu tils_8.2.3-0.potato.1_sparc.deb


• Immunix 6.2 i386 bind-8.2.3-0.6.x_StackGuard.i386.rpm
  http://immunix.org/ImmunixOS/6.2/updates/RPMS/bind-8.2.3-0.6.x_StackGu ard.i386.rpm


• Immunix 6.2 i386 bind-devel-8.2.3-0.6.x_StackGuard.i386.rpm
  http://immunix.org/ImmunixOS/6.2/updates/RPMS/bind-devel-8.2.3-0.6.x_S tackGuard.i386.rpm


• Immunix 6.2 i386 bind-utils-8.2.3-0.6.x_StackGuard.i386.rpm
  http://immunix.org/ImmunixOS/6.2/updates/RPMS/bind-utils-8.2.3-0.6.x_S tackGuard.i386.rpm


• Immunix 7.0 Beta bind-8.2.3-1_StackGuard.i386.rpm
  http://immunix.org/ImmunixOS/7.0-beta/updates/RPMS/bind-8.2.3-1_StackG uard.i386.rpm


• Immunix 7.0 Beta bind-devel-8.2.3-1_StackGuard.i386.rpm
  http://immunix.org/ImmunixOS/7.0-beta/updates/RPMS/bind-devel-8.2.3-1_ StackGuard.i386.rpm


• Immunix 7.0 Beta bind-utils-8.2.3-1_StackGuard.i386.rpm
  http://immunix.org/ImmunixOS/7.0-beta/updates/RPMS/bind-utils-8.2.3-1_ StackGuard.i386.rpm


• ISC bind-9.1.0.tar.gz
  ftp://ftp.isc.org/isc/bind9/9.1.0/bind-9.1.0.tar.gz


• MandrakeSoft 7.2 i386 bind-utils-8.2.3-1.1mdk.i586.rpm
  http://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/7.2/RPMS/bind-uti ls-8.2.3-1.1mdk.i586.rpm


• MandrakeSoft 6.0 i386 bind-8.2.3-1.3mdk.i586.rpm
  http://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/6.0/RPMS/bind-8.2 .3-1.3mdk.i586.rpm


• MandrakeSoft 6.0 i386 bind-devel-8.2.3-1.3mdk.i586.rpm
  http://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/6.0/RPMS/bind-dev el-8.2.3-1.3mdk.i586.rpm


• MandrakeSoft 6.0 i386 bind-utils-8.2.3-1.3mdk.i586.rpm
  http://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/6.0/RPMS/bind-uti ls-8.2.3-1.3mdk.i586.rpm


• MandrakeSoft 6.1 i386 bind-8.2.3-1.2mdk.i586.rpm
  http://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/6.1/RPMS/bind-8.2 .3-1.2mdk.i586.rpm


• MandrakeSoft 6.1 i386 bind-devel-8.2.3-1.2mdk.i586.rpm
  http://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/6.1/RPMS/bind-dev el-8.2.3-1.2mdk.i586.rpm


• MandrakeSoft 6.1 i386 bind-utils-8.2.3-1.2mdk.i586.rpm
  http://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/6.1/RPMS/bind-uti ls-8.2.3-1.2mdk.i586.rpm


• MandrakeSoft 7.0 i386 bind-8.2.3-1.2mdk.i586.rpm
  http://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/7.0/RPMS/bind-8.2 .3-1.2mdk.i586.rpm


• MandrakeSoft 7.0 i386 bind-devel-8.2.3-1.2mdk.i586.rpm
  http://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/7.0/RPMS/bind-dev el-8.2.3-1.2mdk.i586.rpm


• MandrakeSoft 7.0 i386 bind-utils-8.2.3-1.2mdk.i586.rpm
  http://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/7.0/RPMS/bind-uti ls-8.2.3-1.2mdk.i586.rpm


• MandrakeSoft 7.1 i386 bind-8.2.3-1.2mdk.i586.rpm
  http://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/7.1/RPMS/bind-8.2 .3-1.2mdk.i586.rpm


• MandrakeSoft 7.1 i386 bind-devel-8.2.3-1.2mdk.i586.rpm
  http://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/7.1/RPMS/bind-dev el-8.2.3-1.2mdk.i586.rpm


• MandrakeSoft 7.1 i386 bind-utils-8.2.3-1.2mdk.i586.rpm
  http://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/7.1/RPMS/bind-uti ls-8.2.3-1.2mdk.i586.rpm


• MandrakeSoft 7.2 i386 bind-8.2.3-1.1mdk.i586.rpm
  http://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/7.2/RPMS/bind-8.2 .3-1.1mdk.i586.rpm


• MandrakeSoft 7.2 i386 bind-devel-8.2.3-1.1mdk.i586.rpm
  http://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/7.2/RPMS/bind-dev el-8.2.3-1.1mdk.i586.rpm


• MandrakeSoft Corporate Server 1.0.1 i386 bind-8.2.3-1.2mdk.i586.rpm
  http://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/1.0.1/RPMS/bind-8 .2.3-1.2mdk.i586.rpm


• MandrakeSoft Corporate Server 1.0.1 i386 bind-devel-8.2.3-1.2mdk.i586.rpm
  http://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/1.0.1/RPMS/bind-d evel-8.2.3-1.2mdk.i586.rpm


• MandrakeSoft Corporate Server 1.0.1 i386 bind-utils-8.2.3-1.2mdk.i586.rpm
  http://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/1.0.1/RPMS/bind-u tils-8.2.3-1.2mdk.i586.rpm


• Red Hat Inc. 5.2 alpha bind-8.2.3-0.5.x.alpha.rpm
  ftp://updates.redhat.com/5.2/alpha/bind-8.2.3-0.5.x.alpha.rpm


• Red Hat Inc. 5.2 alpha bind-devel-8.2.3-0.5.x.alpha.rpm
  ftp://updates.redhat.com/5.2/alpha/bind-devel-8.2.3-0.5.x.alpha.rpm


• Red Hat Inc. 5.2 alpha bind-utils-8.2.3-0.5.x.alpha.rpm
  ftp://updates.redhat.com/5.2/alpha/bind-utils-8.2.3-0.5.x.alpha.rpm


• Red Hat Inc. 5.2 i386 bind-8.2.3-0.5.x.i386.rpm
  ftp://updates.redhat.com/5.2/i386/bind-8.2.3-0.5.x.i386.rpm


• Red Hat Inc. 5.2 i386 bind-devel-8.2.3-0.5.x.i386.rpm
  ftp://updates.redhat.com/5.2/i386/bind-devel-8.2.3-0.5.x.i386.rpm


• Red Hat Inc. 5.2 i386 bind-utils-8.2.3-0.5.x.i386.rpm
  ftp://updates.redhat.com/5.2/i386/bind-utils-8.2.3-0.5.x.i386.rpm


• Red Hat Inc. 5.2 sparc bind-8.2.3-0.5.x.sparc.rpm
  ftp://updates.redhat.com/5.2/sparc/bind-8.2.3-0.5.x.sparc.rpm


• Red Hat Inc. 5.2 sparc bind-devel-8.2.3-0.5.x.sparc.rpm
  ftp://updates.redhat.com/5.2/sparc/bind-devel-8.2.3-0.5.x.sparc.rpm


• Red Hat Inc. 5.2 sparc bind-utils-8.2.3-0.5.x.sparc.rpm
  ftp://updates.redhat.com/5.2/sparc/bind-utils-8.2.3-0.5.x.sparc.rpm


• Red Hat Inc. 6.2 alpha bind-8.2.3-0.6.x.alpha.rpm
  ftp://updates.redhat.com/6.2/alpha/bind-8.2.3-0.6.x.alpha.rpm


• Red Hat Inc. 6.2 alpha bind-devel-8.2.3-0.6.x.alpha.rpm
  ftp://updates.redhat.com/6.2/alpha/bind-devel-8.2.3-0.6.x.alpha.rpm


• Red Hat Inc. 6.2 alpha bind-utils-8.2.3-0.6.x.alpha.rpm
  ftp://updates.redhat.com/6.2/alpha/bind-utils-8.2.3-0.6.x.alpha.rpm


• Red Hat Inc. 6.2 i386 bind-8.2.3-0.6.x.i386.rpm
  ftp://updates.redhat.com/6.2/i386/bind-8.2.3-0.6.x.i386.rpm


• Red Hat Inc. 6.2 i386 bind-devel-8.2.3-0.6.x.i386.rpm
  ftp://updates.redhat.com/6.2/i386/bind-devel-8.2.3-0.6.x.i386.rpm


• Red Hat Inc. 6.2 i386 bind-utils-8.2.3-0.6.x.i386.rpm
  ftp://updates.redhat.com/6.2/i386/bind-utils-8.2.3-0.6.x.i386.rpm


• Red Hat Inc. 6.2 sparc bind-8.2.3-0.6.x.sparc.rpm
  ftp://updates.redhat.com/6.2/sparc/bind-8.2.3-0.6.x.sparc.rpm


• Red Hat Inc. 6.2 sparc bind-devel-8.2.3-0.6.x.sparc.rpm
  ftp://updates.redhat.com/6.2/sparc/bind-devel-8.2.3-0.6.x.sparc.rpm


• Red Hat Inc. 6.2 sparc bind-utils-8.2.3-0.6.x.sparc.rpm
  ftp://updates.redhat.com/6.2/sparc/bind-utils-8.2.3-0.6.x.sparc.rpm


• Red Hat Inc. 7.0 alpha bind-8.2.3-1.alpha.rpm
  ftp://updates.redhat.com/7.0/alpha/bind-8.2.3-1.alpha.rpm


• Red Hat Inc. 7.0 alpha bind-devel-8.2.3-1.alpha.rpm
  ftp://updates.redhat.com/7.0/alpha/bind-devel-8.2.3-1.alpha.rpm


• Red Hat Inc. 7.0 alpha bind-utils-8.2.3-1.alpha.rpm
  ftp://updates.redhat.com/7.0/alpha/bind-utils-8.2.3-1.alpha.rpm


• Red Hat Inc. 7.0 i386 bind-8.2.3-1.i386.rpm
  ftp://updates.redhat.com/7.0/i386/bind-8.2.3-1.i386.rpm


• Red Hat Inc. 7.0 i386 bind-devel-8.2.3-1.i386.rpm
  ftp://updates.redhat.com/7.0/i386/bind-devel-8.2.3-1.i386.rpm

ISC BIND 8.2.2 p4

• Caldera OpenServer <= 5.0.6a newbind.tar.Z
  ftp://ftp.sco.com/pub/security/openserver/sr379322/newbind.tar.Z


• ISC bind-9.1.0.tar.gz
  ftp://ftp.isc.org/isc/bind9/9.1.0/bind-9.1.0.tar.gz

ISC Bind 8 Transaction Signatures Buffer Overflow Vulnerability

References:

• BIND Security (ISC)
  
• ISC BIND Homepage (ISC)
  
• Sun Alert ID: 26965 - Domain Name Service Vulnerabilities (Sun Microsystems)