|
Note: This is an archival copy of Security Sun Alert 201539 as previously published on http://sunsolve.sun.com. Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1001148.1. |
Category Security Release Phase Resolved Solaris 10 Operating System Bug Id 6582717 Date of Workaround Release 25-JUL-2007 Date of Resolved Release 22-AUG-2007 Impact Remote unprivileged users may cause named(1M) to ultimately return incorrect addresses for Internet hosts thereby redirecting end users to unintended hosts and or services. This issue is also referenced in the following documents:
Contributing Factors This issue can occur in the following releases: SPARC Platform
x86 Platform
Note: Solaris 8 and Solaris 9 are not impacted by this issue. Only systems with the BIND named(1M) service enabled are impacted by this issue. To verify if the DNS service instance is enabled under smf(5), use the svcs(1) command as follows: $ svcs -l svc:/network/dns/server:default | grep enabled enabled true
Symptoms There are no reliable symptoms that would indicate the described issue has occurred. Workaround There is no workaround. Please see the Resolution section below. Resolution This issue is addressed in the following releases: SPARC Platform
x86 Platform
Note: The resolution provides BIND 9.3.4-P1 as provided by the custodians of BIND; the Internet Systems Consortium (ISC). After the patch has been installed, it is recommended that BIND administrators familiarize themselves with the "/usr/share/doc/bind/migration.txt" document. Further information on BIND 9.3 is available in the BIND 9.3 Advanced Reference Manual (ARM) available on the ISC web site at: Modification History Date: 08-AUG-2007
Date: 22-AUG-2007
Date: 04-SEP-2007
References119783-05119784-05 Attachments This solution has no attachment | |||||||||||||||
|
|