Debian Security Advisory

bind -- remote Denial of Service

Date Reported:

12 Nov 2000

Affected Packages:

bind
bind-dev
dnsutils

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2000-0887, CVE-2000-0888.

More information:

The version of BIND shipped with Debian GNU/Linux 2.2 is vulnerable to a remote denial of service attack, which can cause the nameserver to crash after accessing an uninitialized pointer. This problem is fixed in the current maintenance release of BIND, 8.2.2P7, and in the Debian package version 8.2.2p7-1 for both stable and unstable releases.

We recommend that all users of BIND upgrade immediately.

Fixed in:

Debian GNU/Linux 2.2 (potato)

Source:: http://security.debian.org/dists/potato/updates/main/source/bind_8.2.2p7-1.diff.gz; http://security.debian.org/dists/potato/updates/main/source/bind_8.2.2p7-1.dsc; http://security.debian.org/dists/potato/updates/main/source/bind_8.2.2p7.orig.tar.gz
Alpha:: http://security.debian.org/dists/potato/updates/main/binary-alpha/bind_8.2.2p7-1_alpha.deb; http://security.debian.org/dists/potato/updates/main/binary-alpha/bind-dev_8.2.2p7-1_alpha.deb; http://security.debian.org/dists/potato/updates/main/binary-alpha/dnsutils_8.2.2p7-1_alpha.deb
ARM:: http://security.debian.org/dists/potato/updates/main/binary-arm/bind_8.2.2p7-1_arm.deb; http://security.debian.org/dists/potato/updates/main/binary-arm/bind-dev_8.2.2p7-1_arm.deb; http://security.debian.org/dists/potato/updates/main/binary-arm/dnsutils_8.2.2p7-1_arm.deb
Intel IA-32:: http://security.debian.org/dists/potato/updates/main/binary-i386/bind_8.2.2p7-1_i386.deb; http://security.debian.org/dists/potato/updates/main/binary-i386/bind-dev_8.2.2p7-1_i386.deb; http://security.debian.org/dists/potato/updates/main/binary-i386/dnsutils_8.2.2p7-1_i386.deb
Motorola 680x0:: http://security.debian.org/dists/potato/updates/main/binary-m68k/bind_8.2.2p7-1_m68k.deb; http://security.debian.org/dists/potato/updates/main/binary-m68k/bind-dev_8.2.2p7-1_m68k.deb; http://security.debian.org/dists/potato/updates/main/binary-m68k/dnsutils_8.2.2p7-1_m68k.deb
PowerPC:: http://security.debian.org/dists/potato/updates/main/binary-powerpc/bind_8.2.2p7-1_powerpc.deb; http://security.debian.org/dists/potato/updates/main/binary-powerpc/bind-dev_8.2.2p7-1_powerpc.deb; http://security.debian.org/dists/potato/updates/main/binary-powerpc/dnsutils_8.2.2p7-1_powerpc.deb
Sun SPARC:: http://security.debian.org/dists/potato/updates/main/binary-sparc/bind_8.2.2p7-1_sparc.deb; http://security.debian.org/dists/potato/updates/main/binary-sparc/bind-dev_8.2.2p7-1_sparc.deb; http://security.debian.org/dists/potato/updates/main/binary-sparc/dnsutils_8.2.2p7-1_sparc.deb