Rapid7 Vulnerability & Exploit Database

RHSA-2008:0300: bind security, bug fix, and enhancement update

Back to Search

RHSA-2008:0300: bind security, bug fix, and enhancement update



The Berkeley Internet Name Domain (BIND) is an implementation of the DomainName System (DNS) protocols. BIND includes a DNS server (named); a resolverlibrary (routines for applications to use when interfacing with DNS); andtools for verifying that the DNS server is operating correctly.It was discovered that the bind packages created the "rndc.key" file withinsecure file permissions. This allowed any local user to read the contentof this file. A local user could use this flaw to control some aspects ofthe named daemon by using the rndc utility, for example, stopping the nameddaemon. This problem did not affect systems with the bind-chroot packageinstalled. (CVE-2007-6283)A buffer overflow flaw was discovered in the "inet_network()" function, asimplemented by libbind. An attacker could use this flaw to crash anapplication calling this function, with an argument provided from anuntrusted source. (CVE-2008-0122)As well, these updated packages fix the following bugs:Locating //etc/named.conf failed:[FAILED]This has been resolved in these updated packages.As well, these updated packages add the following enhancements:All users of bind are advised to upgrade to these updated packages, whichresolve these issues and add these enhancements.


  • redhat-upgrade-bind
  • redhat-upgrade-bind-chroot
  • redhat-upgrade-bind-devel
  • redhat-upgrade-bind-libbind-devel
  • redhat-upgrade-bind-libs
  • redhat-upgrade-bind-sdb
  • redhat-upgrade-bind-utils
  • redhat-upgrade-caching-nameserver

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center