Note: This is an archival copy of Security Sun Alert 200367 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000259.1.
Solaris 9 Operating System
Solaris 7 Operating System
Solaris 8 Operating System
Date of Workaround Release
Date of Resolved Release
A privileged remote user may be able to cause the Domain Name Service Daemon (in.named(1M)) to retain invalid negative responses. This will cause DNS resolver routines (resolver(3RESOLV)) to not find valid host names. This is a type of Denial-of-Service.
This issue corresponds to the security fix addressed in ISC BIND 8.4.2 and 8.3.7 releases and is referenced at http://www.isc.org/index.pl?/sw/bind/bind8.php.
This issue is also described in CERT Vulnerability VU#734644, which can be found at http://www.kb.cert.org/vuls/id/734644.
This issue can occur in the following releases:
Note: Solaris 2.6 will not be evaluated regarding the potential impact of the issue described in this Sun Alert.
Should the described issue occur, applications will fail to connect to remote servers.
nslookup(1m) intermittently reports that the host name is "Non-existent". For example:
$ nslookup www.sun.com Server: dns.Sun.COM Address: 220.127.116.11 dns.Sun.COM can't find www.sun.com: Non-existent host/domain
To work around the described issue, place required host information in another name repository, such as "files" (in "/etc/hosts") and modify nsswitch.conf(4) accordingly. See http://docs.sun.com/ for further information.
This issue is addressed in the following releases:
This solution has no attachment