Note: This is an archival copy of Security Sun Alert 200859 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000649.1.
Solaris 9 Operating System
Solaris 8 Operating System
Date of Workaround Release
Date of Resolved Release
A security vulnerability in BIND 8 may allow remote unprivileged users the ability to cause named(1M) to return incorrect addresses for Internet hosts, thereby redirecting end users to unintended hosts or services.
This issue is also referenced in the following documents:
CERT-US VU#927905 at http://www.kb.cert.org/vuls/id/927905
CVE-2007-2930 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2930
This issue can occur in the following releases:
Note: Solaris 10 is not impacted by this issue.
Only systems with the BIND named(1M) service enabled are impacted by this issue. To verify if BIND is running on a system, the following command can be used:
$ ps -e | grep in.named && echo "BIND is running"
There are no reliable symptoms that would indicate the described issue has occurred.
There is no workaround. Please see the Resolution section below.
This issue is addressed in the following releases:
This solution has no attachment