Patch-ID# 106939-08 Keywords: security res_mkquery libresolv __confcheck in.named eagain libadm Synopsis: SunOS 5.7_x86: libresolv, in.named, libadm, & nslookup patch Date: Jan/05/2004 Install Requirements: Reboot after installation See Special Install Instructions Solaris Release: 7_x86 SunOS Release: 5.7_x86 Unbundled Product: Unbundled Release: Xref: This patch available for SPARC as patch 106938 Topic: SunOS 5.7_x86: libresolv, in.named, libadm, & nslookup patch NOTE: Refer to Special Install Instructions section for IMPORTANT specific information on this patch. Relevant Architectures: i386 BugId's fixed with this patch: 4025718 4134616 4170561 4197828 4208656 4211042 4284409 4299852 4409676 4416430 4454978 4509898 4525129 4646349 4700305 4708913 4723650 4777715 4928758 Changes incorporated in this version: 4928758 Patches accumulated and obsoleted by this patch: 107019-04 107333-04 108413-01 Patches which conflict with this patch: Patches required with this patch: Obsoleted by: Files included with this patch: /usr/lib/libadm.a /usr/lib/libadm.so.1 /usr/lib/libresolv.so.1 /usr/lib/libresolv.so.2 /usr/lib/llib-l300.ln /usr/lib/llib-l300s.ln /usr/lib/llib-l4014.ln /usr/lib/llib-l450.ln /usr/lib/llib-lTL.ln /usr/lib/llib-ladm /usr/lib/llib-ladm.ln /usr/lib/llib-laio.ln /usr/lib/llib-lauth.ln /usr/lib/llib-lbsm.ln /usr/lib/llib-lc.ln /usr/lib/llib-lc2stubs.ln /usr/lib/llib-lcmd.ln /usr/lib/llib-lcurses.ln /usr/lib/llib-ldevice.ln /usr/lib/llib-ldoor.ln /usr/lib/llib-lkstat.ln /usr/lib/llib-lkvm.ln /usr/lib/llib-lmtmalloc.ln /usr/lib/llib-lnls.ln /usr/lib/llib-lnsl.ln /usr/lib/llib-lpam.ln /usr/lib/llib-lplot.ln /usr/lib/llib-lrac.ln /usr/lib/llib-lresolv /usr/lib/llib-lresolv.ln /usr/lib/llib-lsec.ln /usr/lib/llib-lthread.ln /usr/lib/llib-lvolmgt.ln /usr/lib/llib-lvt0.ln /usr/sbin/in.named /usr/sbin/nslookup /usr/ucblib/llib-lucb.ln /usr/xpg4/lib/llib-lcurses.ln Problem Description: 4928758 Negative Cache Poison Attack (from 106939-07) 4777715 Multiple Remote Vulnerabilities in BIND - CERT Advisory CA-2002-31 4700305 nslookup does not follow its 'srchlist' under some circumstances (from 106939-06) 4708913 CERT Advisory CA-2002-19 Buffer Overflow in Multiple DNS Resolver Libraries (from 106939-05) 4525129 DNS over TCP can induce gethostbyX(3NSL) meltdown 4646349 libresolv.so.2 leaks memory in multi-threaded programs (from 106939-04) 4208656 in.named 8.1.2 panics - Not enough space failed. 4284409 libresolv does not protect itself from netscape provided poll routine (from 106939-03) 4299852 four vulnerabilities have been found in BIND. (from 106939-02) 4211042 Bind 8.1.2 in.named memory leak in Solaris 7 (from 106939-01) 4134616 in.named can hang when calling res_mkquery (from 107019-04) 4723650 in.named crashing during zone transfer if blank line in zone file (from 107019-03) 4409676 CERT Advisory CA-2001-02/Solaris dns (bind) (from 107019-02) 4299852 Four vulnerabilities have been found in BIND. (from 107019-01) 4134616 in.named can hang when calling res_mkquery (from 107333-04) 4454978 llib-lc.ln is out of sync with an updated stdio_impl.h on Solaris 7 system (from 107333-03) 4025718 pkginfo: allow greater than nine characters for PKG parameter value 4509898 pkgadd -R user passwd/group search order is backwards 4416430 pkgadd -R does not use the proper passwd/group information. (from 107333-02) This patch revision was generated to include bugfix 4219282 (sed dumps core file during the installation of 107333-01 patch) in i.none patch script. Nothing has changed in the libadm library. (from 107333-01) 4197828 mis-use of isspace() in libadm functions causes a problem with multibyte chars (from 108413-01) 4170561 nslookup still vulnerable to buffer overflow with latest patch 105755-06 Patch Installation Instructions: -------------------------------- For Solaris 2.0-2.6 releases, refer to the Install.info file and/or the README within the patch for instructions on using the generic 'installpatch' and 'backoutpatch' scripts provided with each patch. For Solaris 7-9 releases, refer to the man pages for instructions on using 'patchadd' and 'patchrm' scripts provided with Solaris. Any other special or non-generic installation instructions should be described below as special instructions. The following example installs a patch to a standalone machine: example# patchadd /var/spool/patch/104945-02 The following example removes a patch from a standalone system: example# patchrm 104945-02 For additional examples please see the appropriate man pages. Special Install Instructions: ----------------------------- Reboot the system after patch installation. README -- Last modified date: Monday, January 5, 2004