
List:       sun-managers
Subject:    SUMMARY: BIND and Solaris 2.6
From:       "Brown, Melissa" <BrownM () fhu ! disa ! mil>
Date:       2001-01-30 20:48:40

First, my apology.  I submitted this question in November and before I
summarized, we lost email.  I didn't think to pull it out of the mailing
list archives.
Someone else just emailed me inquiring about the summary since CERT CC
ADVISORY CA 2001-02.  THEN I remembered I could pull my question from the
archive at the very least.
 
So, the original post is below.  I don't have the responses people sent me,
sorry.
 
CERT's notice is for BIND vulnerabilities and recommends upgrading.  Sun is
working to address issues on the Solaris versions still running older
versions of BIND. (Solaris 2.4, 2.5, 2.5.1 and 2.6 contain revisions of BIND
4; Solaris 7 and 8 contain BIND 8.1.2)
 
In the meantime, if you have the requirement to upgrade and it's not
feasible, maybe removing the BIND daemon will satisfy the requirement.
 
The answers to my questions:
Use the nslookup command (below in original) to find out the BIND version of
the nameserver(s) you're using.
 
If you want to see what version of BIND you have installed on your system,
this strings command will help you find the version number in the daemon:
# strings /usr/sbin/in.named | grep -i "version.c"
 
If the server isn't a DNS, you can remove the BIND daemon, in.named (after
making a backup copy of it!)
# rm /usr/sbin/in.named (or in another directory if you're running something
like tcp_wrappers)
 
I deleted it on several systems in November and haven't had any problems.  I
didn't bother hunting down the package and trying to remove it.   (I'm still
not sure if that's possible.)
 
I have to admit, using the nslookup commands to get the BIND versions of the
nameserver(s) I use was helpful because then I was able to see how
vulnerable I was against their system!
 
RPCbind isn't related to BIND. 
 
Good Luck and again, sorry for the laaaaate posting.
 
Melissa
 
----------------------------------------------
Original question:
----------------------------------------------
CERT published a vulnerability with BIND this week.

How do you find the version of BIND installed on a Solaris system?
Does it belong to a package?
Can it be removed from a server that isn't a DNS?

I have these instructions to determine what version of BIND is running on
the nameserver you request:
   # nslookup
   > set class=chaos
   > set type=txt
   > version.bind
If the server returns a message that it failed, then the version release is
4.9.5 or earlier.  If no response -- it's not running BIND or isn't a
nameserver.  (This was a Unix tip or ZDnet -- I can't remember)

I have rpcbind active but I'm unsure if it is part of the BIND software.
I know rpcbind has to be active if you want to login with CDE... so if it is
part of BIND, maybe the package can't be removed and BIND will have to be
upgraded!!!

Anyone know more about this?

I'll summarize!!
:-)
Melissa
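
Added example, not part of the original post and not code from BIND or Sun: the nslookup session above sends a TXT query for version.bind in class CHAOS, and this Python code builds that same query and parses the reply, for inventorying the name servers you administer. The function names, the transaction ID and the sample reply carrying "8.1.2" are constructed for illustration.

```python
import socket
import struct

def build_version_query(txid=0x1234):
    """DNS query for version.bind, type TXT (16), class CHAOS (3)."""
    header = struct.pack(">HHHHHH", txid, 0x0000, 1, 0, 0, 0)  # one question
    qname = b"".join(bytes([len(p)]) + p for p in (b"version", b"bind")) + b"\x00"
    return header + qname + struct.pack(">HH", 16, 3)

def skip_name(msg, off):
    """Return the offset just past a name, following DNS compression rules."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1          # root label ends the name
        if n & 0xC0 == 0xC0:
            return off + 2          # two-byte compression pointer ends the name
        off += 1 + n

def parse_version_reply(msg):
    """Return (rcode, version) where version is None if no CHAOS TXT answer."""
    _, flags, qd, an, _, _ = struct.unpack(">HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4            # skip qtype and qclass
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        if rtype == 16 and rclass == 3:          # first character-string of the TXT
            return flags & 0xF, msg[off + 1:off + 1 + msg[off]].decode("ascii", "replace")
        off += rdlen
    return flags & 0xF, None

def ask(server, timeout=3.0):
    """Send the query over UDP port 53; socket.timeout means no response."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_version_query(), (server, 53))
        return parse_version_reply(s.recvfrom(512)[0])

def constructed_reply(version=b"8.1.2", rcode=0):
    """Constructed sample reply (not captured traffic); an error rcode has no answer."""
    an = 0 if rcode else 1
    msg = struct.pack(">HHHHHH", 0x1234, 0x8400 | rcode, 1, an, 0, 0) + build_version_query()[12:]
    rr = b"\xc0\x0c" + struct.pack(">HHIH", 16, 3, 0, 1 + len(version)) + bytes([len(version)]) + version
    return msg + (rr if an else b"")

if __name__ == "__main__":
    print(parse_version_reply(constructed_reply()))
```

A non-zero rcode with no version string corresponds to the "failed" message described in the original question, and a timeout from ask() corresponds to "no response".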
