Debian Security Advisory

bind -- remote Denial of Service

Date Reported:
12 Nov 2000
Affected Packages:
bind
bind-dev
dnsutils
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CVE-2000-0887, CVE-2000-0888.
More information:
The version of BIND shipped with Debian GNU/Linux 2.2 is vulnerable to a remote denial of service attack, which can cause the nameserver to crash after accessing an uninitialized pointer. This problem is fixed in the current maintenance release of BIND, 8.2.2P7, and in the Debian package version 8.2.2p7-1 for both stable and unstable releases.

We recommend that all users of BIND upgrade immediately.

Fixed in:

Debian GNU/Linux 2.2 (potato)

Source:
http://security.debian.org/dists/potato/updates/main/source/bind_8.2.2p7-1.diff.gz
http://security.debian.org/dists/potato/updates/main/source/bind_8.2.2p7-1.dsc
http://security.debian.org/dists/potato/updates/main/source/bind_8.2.2p7.orig.tar.gz
Alpha:
http://security.debian.org/dists/potato/updates/main/binary-alpha/bind_8.2.2p7-1_alpha.deb
http://security.debian.org/dists/potato/updates/main/binary-alpha/bind-dev_8.2.2p7-1_alpha.deb
http://security.debian.org/dists/potato/updates/main/binary-alpha/dnsutils_8.2.2p7-1_alpha.deb
ARM:
http://security.debian.org/dists/potato/updates/main/binary-arm/bind_8.2.2p7-1_arm.deb
http://security.debian.org/dists/potato/updates/main/binary-arm/bind-dev_8.2.2p7-1_arm.deb
http://security.debian.org/dists/potato/updates/main/binary-arm/dnsutils_8.2.2p7-1_arm.deb
Intel IA-32:
http://security.debian.org/dists/potato/updates/main/binary-i386/bind_8.2.2p7-1_i386.deb
http://security.debian.org/dists/potato/updates/main/binary-i386/bind-dev_8.2.2p7-1_i386.deb
http://security.debian.org/dists/potato/updates/main/binary-i386/dnsutils_8.2.2p7-1_i386.deb
Motorola 680x0:
http://security.debian.org/dists/potato/updates/main/binary-m68k/bind_8.2.2p7-1_m68k.deb
http://security.debian.org/dists/potato/updates/main/binary-m68k/bind-dev_8.2.2p7-1_m68k.deb
http://security.debian.org/dists/potato/updates/main/binary-m68k/dnsutils_8.2.2p7-1_m68k.deb
PowerPC:
http://security.debian.org/dists/potato/updates/main/binary-powerpc/bind_8.2.2p7-1_powerpc.deb
http://security.debian.org/dists/potato/updates/main/binary-powerpc/bind-dev_8.2.2p7-1_powerpc.deb
http://security.debian.org/dists/potato/updates/main/binary-powerpc/dnsutils_8.2.2p7-1_powerpc.deb
Sun SPARC:
http://security.debian.org/dists/potato/updates/main/binary-sparc/bind_8.2.2p7-1_sparc.deb
http://security.debian.org/dists/potato/updates/main/binary-sparc/bind-dev_8.2.2p7-1_sparc.deb
http://security.debian.org/dists/potato/updates/main/binary-sparc/dnsutils_8.2.2p7-1_sparc.deb