Interim Security Reliefs (ISR) that fix CVE-2008-1447 (VU#800113) in Solaris 8 and 9 are
available from http://sunsolve.sun.com/tpatches for the following
- Solaris 9 IDR138950-02 (MD5 = bdbe15fedd50858fbfbbe457867d731c)
- Solaris 8 IDR138951-01 (MD5 = aca3c968346c05baabea9cf4bda941a9)
- Solaris 8 IDR138959-01 (MD5 = 92679afe992097f0b863b78fd5935cba)
- Solaris 9 IDR138958-02 (MD5 = c55025147410880848d611d0b2c50754)
These ISRs deliver BIND 9 with the fix for CVE-2008-1447.
Solaris 8 and 9 use BIND version 8. In that version it is
not possible to implement needed fix because of design of this fix.
Also, BIND 8 is already end of life (EOL) according ISC.
Sun is currently working on a patch to release the fixed BIND version 9
for Solaris 8 and 9 (replacing the EOL BIND 8 there). Changing the
release from BIND 8 to BIND 9 is not a trivial task and therefore the
patches to address these are still in progress.
Users MUST completely re-configure BIND as per instructions
in /usr/lib/dns/migration.txt in order to use the new BIND 9 and the
fixes that these patches deliver.
This migration document is shipped as part of the IDRs at SUNWcsu/reloc/usr/lib/dns/migration.txt
Please refer to Sun Alert 239392 "Security Vulnerability in the DNS
Protocol may lead to DNS Cache Poisoning", Sun Alert 240048 Update to Sun Alert 239392 and US-CERT Vulnerability Note VU#800113 for more details on this vulnerability.
NOTE: Interim Security Relief (ISRs) are designed to address the
concerns identified herein. Sun has limited experience with these (ISRs)
due to their interim nature. As such, you should only install the ISRs
on systems meeting the configurations described above.
Sun may release full patches at a later date, however, Sun is under no
obligation whatsoever to create, release, or distribute any such patch.