[SA28180] Fedora BIND "/etc/rndc.key" Insecure File Permissions

From: Secunia Security Advisories (sec-advsecunia.com)
Date: Fri Dec 21 2007 - 16:47:05 CST



TITLE:
Fedora BIND "/etc/rndc.key" Insecure File Permissions

SECUNIA ADVISORY ID:
SA28180

VERIFY ADVISORY:
http://secunia.com/advisories/28180/

CRITICAL:
Less critical

IMPACT:
Security Bypass

WHERE:
Local system

OPERATING SYSTEM:
Fedora 8
http://secunia.com/product/16769/
Fedora 7
http://secunia.com/product/15552/

DESCRIPTION:
A security issue has been reported in Fedora, which can be exploited
by malicious local users to bypass certain security restrictions.

The security issue is caused by insecure file permissions being
set for the "/etc/rndc.key" file. This can be exploited by
unprivileged local users to e.g. stop named, decrease the logging
level, or disable dynamic zone updates.
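
A check for the condition described above, as an added example that is not part of the advisory or of the Fedora packages: it flags a key file that grants any access to "other" users or write access to its group. The function names are hypothetical, GNU stat is assumed, and the demo runs on a constructed scratch file; on a real host pass "/etc/rndc.key" instead.

```shell
#!/bin/sh
# Added example: audit rndc key files for modes that expose the control key
# to unprivileged local users. Requires GNU stat (Linux).

# audit_rndc_key FILE
# Returns 0 if the mode is tight, 1 if the key is exposed, 2 if FILE is absent.
audit_rndc_key() {
    key=$1
    if [ ! -f "$key" ]; then
        echo "SKIP  $key (not present)"
        return 2
    fi
    mode=$(stat -c '%a' "$key")       # octal mode, e.g. 644
    owner=$(stat -c '%U:%G' "$key")   # reported for the operator's review
    other=$(( 0$mode & 07 ))          # any r/w/x bit for "other"
    grpw=$(( 0$mode & 020 ))          # group write bit
    if [ "$other" -ne 0 ] || [ "$grpw" -ne 0 ]; then
        echo "FAIL  $key mode=$mode owner=$owner"
        return 1
    fi
    echo "OK    $key mode=$mode owner=$owner"
    return 0
}

# audit_all FILE...
# Audits every path given; returns 1 if at least one existing file is exposed.
audit_all() {
    bad=0
    for f in "$@"; do
        rc=0
        audit_rndc_key "$f" || rc=$?
        if [ "$rc" -eq 1 ]; then bad=1; fi
    done
    return "$bad"
}

# Constructed demo: a scratch key file, first world-readable, then tightened.
demo=$(mktemp -d)
printf 'key "rndc-key" { algorithm hmac-md5; secret "CONSTRUCTED=="; };\n' \
    > "$demo/rndc.key"
chmod 644 "$demo/rndc.key"; audit_all "$demo/rndc.key" || echo "=> exposed"
chmod 640 "$demo/rndc.key"; audit_all "$demo/rndc.key" && echo "=> clean"
rm -rf "$demo"
```

A FAIL line after the updated packages are installed means the key file on disk still carries the old mode and needs to be tightened by hand.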

SOLUTION:
Apply updated packages.

PROVIDED AND/OR DISCOVERED BY:
Florian La Roche

ORIGINAL ADVISORY:
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00671.html
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00587.html
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2007-6283
