Note: This is an archival copy of Security Sun Alert 200859 as previously published on http://sunsolve.sun.com. Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000649.1. |
Category Security Release Phase Resolved Solaris 9 Operating System Solaris 8 Operating System Bug Id 6596938 Date of Workaround Release 18-SEP-2007 Date of Resolved Release 15-OCT-2007 Impact A security vulnerability in BIND 8 may allow remote unprivileged users the ability to cause named(1M) to return incorrect addresses for Internet hosts, thereby redirecting end users to unintended hosts or services. This issue is also referenced in the following documents: CERT-US VU#927905 at http://www.kb.cert.org/vuls/id/927905 CVE-2007-2930 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2930 Contributing Factors This issue can occur in the following releases: SPARC Platform
x86 Platform
Note: Solaris 10 is not impacted by this issue. Only systems with the BIND named(1M) service enabled are impacted by this issue. To verify if BIND is running on a system, the following command can be used: $ ps -e | grep in.named && echo "BIND is running"
Symptoms There are no reliable symptoms that would indicate the described issue has occurred. Workaround There is no workaround. Please see the Resolution section below. Resolution This issue is addressed in the following releases: SPARC Platform
x86 Platform
Modification History Date: 15-OCT-2007
References109326-20109327-20 112837-14 114265-13 Attachments This solution has no attachment |
|