Patch-ID# 101359-03 Keywords: DNS libresolv.so.2 CERT BIND 4.9.3 in.named named-xfer security Synopsis: SunOS 5.3: DNS spoofing is possible per Cern ca-96.02 Date: Jul/12/96 Solaris Release: 2.3 SunOS Release: 5.3 Unbundled Product: Unbundled Release: Topic: SunOS 5.3: DNS spoofing is possible per Cern ca-96.02 BugId's fixed with this patch: 1143397 1238679 Changes incorporated in this version: 1238679 Relevant Architectures: sparc Patches accumulated and obsoleted by this patch: Patches which conflict with this patch: Patches required with this patch: Obsoleted by: Files included with this patch: usr/include/netdb.h usr/include/resolv.h usr/include/arpa/nameser.h usr/lib/libresolv.so usr/lib/libresolv.so.2 usr/lib/nslookup.help usr/sbin/in.named usr/sbin/named-xfer usr/sbin/nslookup usr/sbin/nstest /usr/sbin/nslookup Problem Description: 1238679 DNS spoofing is possible per Cern ca-96.02 (from 101359-02) 1238679 DNS spoofing is possible per Cern ca-96.02 (from 101359-01) 1143397 nslookup -all dumps core nslookup dumps core when "-all" option is specified at the command line. Patch Installation Instructions: -------------------------------- Refer to the Install.info file within the patch for instructions on using the generic 'installpatch' and 'backoutpatch' scripts provided with each patch. Any other special or non-generic installation instructions should be described below. Special Install Instructions: ----------------------------- Please refer to the file called BIND_493 that came with this patch. This document will describe the difference between libresolv.so.1 and libresolv.so.2 and it should provide the BIND 4.9.3 man pages. It is recommended to install the following patches: 101739-12 sendmail patch 102167-03 nss_dns.so.1 rebuild for BIND 4.9.3 103705-01 rpc.nisd_resolv rebuild for BIND 4.9.3