NetBSD: BIND Followup on negative cache poisoning vulnerability
Posted by LinuxSecurity.com Team   
NetBSD The following excerpts show that include/arpa/inet.h must be updated from rev 1.12 that ships with 1.6.1 to rev 1.12.2.1 which is the current candidate for 1.6.2.

Hi all,

	A few days ago I performed the update described in SA 2003-018 for
upgrading from source. I run 1.6.1 on an i386. My system is stock 1.6.1, I
do not use -current.

	I ran into trouble and found a solution and I want to share this
with the community so the advisory or myself can be corrected, as
appropriate.

	The following excerpts show that include/arpa/inet.h must be
updated from rev 1.12 that ships with 1.6.1 to rev 1.12.2.1 which is the
current candidate for 1.6.2.

	Thanks all,
- John
<netbsd3@frear.com>

$ # I've already performed the "cd" and "cvs update" commands from the SA.
$ # I've also already done "make USETOOLS=no cleandir dependall" which failed
$ cd usr.sbin/bind
$ pwd
/usr/src/usr.sbin/bind
$ make USETOOLS=no dependall
dependall ===> named-bootconf
dependall ===> reload
dependall ===> restart
dependall ===> lib
cc -O2   -Werror  -I/usr/src/sys/src/usr.sbin/bind/lib/obj -I/usr/src/sys/src/usr.sbin/bind/lib/obj -I/usr/src/sys/src/usr.sbin/bind/lib/../../../dist/bind/include -I/usr/src/sys/src/usr.sbin/bind/lib/../../../dist/bind/lib/dst -DHMAC_MD5 -DUSE_MD5   -c /usr/src/sys/src/usr.sbin/bind/lib/../../../dist/bind/lib/inet/inet_lnaof.c
/usr/src/sys/src/usr.sbin/bind/lib/../../../dist/bind/lib/inet/inet_lnaof.c:55: conflicting types for `inet_lnaof'
/usr/include/arpa/inet.h:85: previous declaration of `inet_lnaof'
*** Error code 1
Stop.

$ head -2 /usr/include/arpa/inet.h
/*      $NetBSD: inet.h,v 1.12 2002/05/14 18:57:31 kleink Exp $ */

$ cd /usr/src
$ export CVS_RSH=ssh
$ cvs update -d -P -r netbsd-1-6 include/arpa/inet.h
P include/arpa/inet.h

$ su
# # The next two lines are installing this thing incorrectly due to laziness.
# cp include/arpa/inet.h /usr/include/arpa/
# chmod 444 /usr/include/arpa/inet.h

# exit
$ pwd
/usr/src/usr.sbin/bind
$ make USETOOLS=no cleandir dependall > /dev/null 2>&1 ; echo Return code was $?
Return code was 0
$ # At this point a "make USETOOLS=no install" works just fine.
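
As an added example (not part of the original post or of the advisory), the check below reads the $NetBSD$ ident line that "head -2" prints above and reports whether an installed header is older than a required revision, so a stale header is caught before the BIND rebuild fails. The function names and the component-by-component ordering of revision numbers are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post.

# Print the RCS revision from the first "$NetBSD: file,v REV ..." ident line in $1.
# Prints nothing if the file carries no such ident.
rcs_rev() {
    sed -n 's/.*\$NetBSD: [^ ]*,v \([0-9][0-9.]*\) .*/\1/p' "$1" | head -n 1
}

# Return 0 if dotted revision $1 is at least $2, comparing component by component.
# Assumption: numeric ordering is an adequate proxy here (1.12 < 1.12.2.1);
# RCS branch numbering does not guarantee this for arbitrary branches.
rev_at_least() {
    have=$1
    want=$2
    while [ -n "$have" ] || [ -n "$want" ]; do
        h=${have%%.*}
        w=${want%%.*}
        if [ "${h:-0}" -gt "${w:-0}" ]; then return 0; fi
        if [ "${h:-0}" -lt "${w:-0}" ]; then return 1; fi
        # Drop the component just compared; empty once none are left.
        case $have in *.*) have=${have#*.} ;; *) have= ;; esac
        case $want in *.*) want=${want#*.} ;; *) want= ;; esac
    done
    return 0
}

# Check file $1 against required revision $2 and print a verdict.
# Returns 0 = new enough, 1 = older than required, 2 = no ident found.
check_header() {
    rev=$(rcs_rev "$1")
    if [ -z "$rev" ]; then
        echo "$1: no \$NetBSD\$ ident found"
        return 2
    fi
    if rev_at_least "$rev" "$2"; then
        echo "$1: rev $rev ok (need $2)"
        return 0
    fi
    echo "$1: rev $rev is older than $2"
    return 1
}
```

With the functions loaded, "check_header /usr/include/arpa/inet.h 1.12.2.1" returns 1 on the stock 1.6.1 header shown in the post.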