TITLE:
Fedora BIND "/etc/rndc.key" Insecure File Permissions

SECUNIA ADVISORY ID:
SA28180

VERIFY ADVISORY:
http://secunia.com/advisories/28180/

CRITICAL:
Less critical

IMPACT:
Security Bypass

WHERE:
Local system

OPERATING SYSTEM:
Fedora 8
http://secunia.com/product/16769/
Fedora 7
http://secunia.com/product/15552/

DESCRIPTION:
A security issue has been reported in Fedora, which can be exploited by malicious, local users to bypass certain security restrictions.

The security issue is caused by insecure file permissions being set for the "/etc/rndc.key" file. This can be exploited by unprivileged local users to, e.g., stop named, decrease the logging level, or disable dynamic zone updates.

SOLUTION:
Apply updated packages.

PROVIDED AND/OR DISCOVERED BY:
Florian La Roche

ORIGINAL ADVISORY:
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00671.html
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00587.html
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2007-6283
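
Added example (not part of the Secunia advisory or of Fedora's packages): a POSIX shell check that flags an rndc key file accessible to "other" users, which is the condition described under DESCRIPTION. It assumes GNU `stat`; the function names, and the root:named 0640 target named in the comments, are assumptions and do not come from the advisory.

```shell
#!/bin/sh
# Audit rndc key files for access by "other" (unprivileged local) users.
# Assumption: GNU coreutils stat (-L dereferences symlinks, -c sets format).
# Assumption: a restrictive target such as root:named mode 0640; the
# advisory itself only says to apply the updated packages.

# check_rndc_key PATH
# Prints one finding line and returns:
#   0 = no permission bits set for "other"
#   1 = file is readable, writable or executable by "other"
#   2 = file missing, not a regular file, or stat failed
check_rndc_key() {
    key=$1
    if [ ! -f "$key" ]; then
        echo "SKIP $key: not a regular file"
        return 2
    fi
    mode=$(stat -L -c '%a' "$key") || return 2
    owner=$(stat -L -c '%U:%G' "$key") || return 2
    # The last octal digit of the mode holds the bits for "other".
    other=${mode#"${mode%?}"}
    if [ "$other" -ne 0 ]; then
        echo "FAIL $key: mode $mode owner $owner (accessible to other users)"
        return 1
    fi
    echo "OK   $key: mode $mode owner $owner"
    return 0
}

# audit_rndc_keys PATH...
# Checks every path given; succeeds only if none of them returned 1.
audit_rndc_keys() {
    bad=0
    for k in "$@"; do
        rc=0
        check_rndc_key "$k" || rc=$?
        if [ "$rc" -eq 1 ]; then
            bad=$((bad + 1))
        fi
    done
    [ "$bad" -eq 0 ]
}

# Usage on a host: audit_rndc_keys /etc/rndc.key
```
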