FrSIRT - Fedora Security Update Fixes Bind "/etc/rndc.key" Insecure Permissions / Exploit (Security Advisories)

French Security Incident Response Team

French

English

Fedora Security Update Fixes Bind "/etc/rndc.key" Insecure Permissions

Title : Fedora Security Update Fixes Bind "/etc/rndc.key" Insecure Permissions
Advisory ID : FrSIRT/ADV-2007-4288
CVE ID : CVE-2007-6283
Rated as : Low Risk

Remotely Exploitable : No
Locally Exploitable : Yes
Release Date : 2007-12-21

Advisory Details

Description

Affected Products

Solution

References

Technical Description

A vulnerability has been identified in Fedora, which could be exploited by malicious users to bypass security restrictions [...]

Solution

Upgrade the affected packages :

2d9ebc78e3dd5806d17a153862f8ea182a243e79 bind-debuginfo-9.5.0-20.b1.fc8.ppc64.rpm
75a7aeb76f75238f500b0e07b0524181115e4b5b bind-chroot-9.5.0-20.b1.fc8.ppc64.rpm
0843934b6597229f0124fcb75f111e68e539d40e bind-devel-9.5.0-20.b1.fc8.ppc64.rpm
00083154ccfa68f44caa0a3a8f8ff015e66a9025 bind-utils-9.5.0-20.b1.fc8.ppc64.rpm
5c622c574e892c4744a8e73de734224f01f75ece bind-libs-9.5.0-20.b1.fc8.ppc64.rpm
9665a66da8ccb70e0bb075605336d4e8d0d0c0c3 bind-sdb-9.5.0-20.b1.fc8.ppc64.rpm
600c39486028ad993714d62da3aaacb79bbebc8a bind-9.5.0-20.b1.fc8.ppc64.rpm
05f52518b1fad4d49ed3baeddada8357d6bdeee3 bind-debuginfo-9.5.0-20.b1.fc8.i386.rpm
43b323a8a79cdec70ed79a08dc639af4a3a224cf bind-chroot-9.5.0-20.b1.fc8.i386.rpm
3dbf3166a83b279f7ff95615172c7bec5776862a bind-devel-9.5.0-20.b1.fc8.i386.rpm
66f63740ab4994dcb8fbc9b0af0985d53ac0c145 bind-utils-9.5.0-20.b1.fc8.i386.rpm
d7ce10862191d8876fb7d4539d38e8ad0c11ef70 bind-libs-9.5.0-20.b1.fc8.i386.rpm
aa1811d7e7c7e089191581a788efa3a02ce9b851 bind-sdb-9.5.0-20.b1.fc8.i386.rpm
518c089791361543084ce7e20247fed39e712cc5 bind-9.5.0-20.b1.fc8.i386.rpm
1adaf7b8c5584fa3c3ca87eb7a445f911013a7d5 bind-debuginfo-9.5.0-20.b1.fc8.x86_64.rpm
f2dee30c9cbf4150343c1cadeb856ca2cad28340 bind-chroot-9.5.0-20.b1.fc8.x86_64.rpm
9db3665e619e6ca6532f1b2b8f57c33ee7ddac0c bind-devel-9.5.0-20.b1.fc8.x86_64.rpm
69818249c4c45c6f3c3e1c2e12a0dfb86a293c19 bind-utils-9.5.0-20.b1.fc8.x86_64.rpm
cf21499073cd4e57b161af63750a4c0e2025ba51 bind-libs-9.5.0-20.b1.fc8.x86_64.rpm
12416bc4270267079c8d45437c939e1a2d2f7929 bind-sdb-9.5.0-20.b1.fc8.x86_64.rpm
59810671ccdfdc97a6f4c43364799338f6f1bda4 bind-9.5.0-20.b1.fc8.x86_64.rpm
68bd9e756f0fd5c555b2e98e01a86271c60fdafe bind-debuginfo-9.5.0-20.b1.fc8.ppc.rpm
f500b40dadeaff4a88d7b722213b87c142399fcb bind-chroot-9.5.0-20.b1.fc8.ppc.rpm
606b24956f92270b1be997b295c9990b6b1d6d82 bind-devel-9.5.0-20.b1.fc8.ppc.rpm
38bfae55679eb550439f220308b8f2c5c5ab03eb bind-utils-9.5.0-20.b1.fc8.ppc.rpm
aa91573cd6a1a35fcb8c4f7e474a9930fe8a5f4a bind-libs-9.5.0-20.b1.fc8.ppc.rpm
533c56c1d1c9e9b193c3c763f9b4132d14128d3a bind-sdb-9.5.0-20.b1.fc8.ppc.rpm
84d7e80d63339dc3a7f89c1df0d0634ec5955fb8 bind-9.5.0-20.b1.fc8.ppc.rpm
71ba31a6534854ed0dd843b1e24f853b11f011c9 bind-9.5.0-20.b1.fc8.src.rpm

28aa0cb1542e256567c44d647896b990a448b538 bind-debuginfo-9.4.2-2.fc7.ppc64.rpm
f38a44e7deb3a51cb5d2aac2dee8b29041b575aa bind-sdb-9.4.2-2.fc7.ppc64.rpm
550dc2cce14a959ac835388d03d4b1f6a6020f99 bind-chroot-9.4.2-2.fc7.ppc64.rpm
ef2c12d2b581d09888d872d839105e162e5b648c caching-nameserver-9.4.2-2.fc7.ppc64.rpm
2f68c806bb44e198709fb762a9168ab204cfdc9d bind-devel-9.4.2-2.fc7.ppc64.rpm
b94bc818ceaa6cb99ddf06cb6e285503969c49ca bind-utils-9.4.2-2.fc7.ppc64.rpm
30a3f2c3fd4230fdda63c61f3854c96d3f62e4c1 bind-libs-9.4.2-2.fc7.ppc64.rpm
89f34527b435c866cb25c653feea60e43779308b bind-9.4.2-2.fc7.ppc64.rpm
8717315b3ef5aad2783706f46c225b0677e7d8a3 bind-debuginfo-9.4.2-2.fc7.i386.rpm
82bddaa83e1050a0428f07564fbefc5a5578d9d9 bind-sdb-9.4.2-2.fc7.i386.rpm
fab36ba9bda8e68e8e7df80ea8314b425e5cf236 bind-chroot-9.4.2-2.fc7.i386.rpm
5ab240909b5b15efba07d582a80857857f03e700 caching-nameserver-9.4.2-2.fc7.i386.rpm
d31ad35127346d4ffa36516c74397d68d41e3e54 bind-devel-9.4.2-2.fc7.i386.rpm
226f1011da3c6479deee69879dbbb1dd755bb3c0 bind-utils-9.4.2-2.fc7.i386.rpm
9a95c4f451f51124dc54c60069cf357a2a053871 bind-libs-9.4.2-2.fc7.i386.rpm
b4e84407eae66da8504a69c06f5eff9559c6e7ee bind-9.4.2-2.fc7.i386.rpm
bfbe66bb3397fc5ab4156c0d2883060e9434a5b2 bind-debuginfo-9.4.2-2.fc7.x86_64.rpm
ae392890fe78fa9c0d3e62185bbf98450e58fc02 bind-sdb-9.4.2-2.fc7.x86_64.rpm
3620e07de93b09fb91ac1034b80c92340584fa84 bind-chroot-9.4.2-2.fc7.x86_64.rpm
ec48d1ce52081d57a4376bc713e6b15b64163857 caching-nameserver-9.4.2-2.fc7.x86_64.rpm
b049a47024bbd3f2bd8961256e1555cdd91639d2 bind-devel-9.4.2-2.fc7.x86_64.rpm
40359837bdd91d8c4d3bb16bb826566be9c0a570 bind-utils-9.4.2-2.fc7.x86_64.rpm
a36c6ae65a6b553f447af070f888905fdf322778 bind-libs-9.4.2-2.fc7.x86_64.rpm
8f46f979da47966c58975cbd5b890a9db986db72 bind-9.4.2-2.fc7.x86_64.rpm
08b2c7747e77196c9574d73286f194e7bc23b190 bind-debuginfo-9.4.2-2.fc7.ppc.rpm
17c4028bc822f413e923559770e5a27193a4c17b bind-sdb-9.4.2-2.fc7.ppc.rpm
d0ded87feb4c6c334960663dde0ac26e766b7624 bind-chroot-9.4.2-2.fc7.ppc.rpm
6296b2638170139ae2ae7fbfd959b938dedc91b4 caching-nameserver-9.4.2-2.fc7.ppc.rpm
ce6b28ab008940a081592cd6e98812963d763b4e bind-devel-9.4.2-2.fc7.ppc.rpm
2bf42b996bb2721e7eee6b6e81b6e5c18a767bd9 bind-utils-9.4.2-2.fc7.ppc.rpm
ea446d15fb1a872b0c71baa6227307fd78cb6817 bind-libs-9.4.2-2.fc7.ppc.rpm
c344aebd68febf277a61f072f8fab594e171f095 bind-9.4.2-2.fc7.ppc.rpm
0d34235a42edea98d289c88167b9a7e714246f0d bind-9.4.2-2.fc7.src.rpm

ChangeLog

2007-12-21 : Initial release

Vulnerability Management

Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.

Mailinglist

	Mozilla Products Code Execution and Security Bypass Vulnerabilities
	Mozilla Firefox for Mac OS X GIF Rendering Code Execution Vulnerability
	Mozilla Products Remote Code Execution and Security Bypass Issues
	Mozilla Products Code Execution and Injection Vulnerabilities
	Mozilla JavaScript Garbage Collector Code Execution Vulnerability
	Mozilla Thunderbird Code Execution and Cross Site Scripting Issues
	Mozilla Firefox and SeaMonkey Multiple Remote Code Execution Issues

	IBM Lotus Quickr Denial of Service and Security Bypass Vulnerabilities
	IBM Tivoli Netcool/Webtop Multiple Security Bypass Vulnerabilities
	IBM WebSphere Application Server Security Exposure Vulnerabilities
	IBM DB2 Universal Database Multiple Denial of Service
	IBM AIX "swcons" Insecure Permission Privilege Escalation Vulnerability
	IBM WebSphere Application Server Cross Site Scripting Vulnerability
	IBM DB2 CLR Stored Procedures Unspecified Vulnerability

	Apple Mac OS X Code Execution and Security Bypass Vulnerabilities
	Apple TV Multiple File Processing Code Execution Vulnerabilities
	Apple Mac OS X Code Execution and Security Bypass Vulnerabilities
	Apple iPhone Code Execution and Security Bypass Vulnerabilities
	Apple QuickTime Multiple Remote Code Execution Vulnerabilities
	Apple iTunes Driver Integer Overflow Privilege Escalation Vulnerability
	Apple iPod touch Code Execution and Security Bypass Vulnerabilities