| GEN:SID | 1:259 |
| Message | DNS EXPLOIT named overflow ADM |
| Summary | This event is generated by an attempted buffer overflow associated with incorrect validation of DNS NXT records.
|
| Impact | Severe. The DNS server can be compromised allowing the attacker to execute arbitrary commands with the privileges of the user running BIND.
|
| Detailed Information | Improper validation of DNS NXT records may allow at attacker to perform a buffer overflow. This can allow the attacker to execute arbitrary code with the privileges of the user running BIND.
|
| Affected Systems | BIND versions 8.2 up to, but not including, 8.2.2.
|
| Attack Scenarios | An attacker can launch this exploit to gain remote access to the DNS server.
|
| Ease of Attack | Simple. Code exists to exploit the buffer overflow.
|
| Corrective Action | Upgrade to a version of BIND 8.2.2 or greater, or patch vulnerable versions of BIND.
|
| Additional References | CERT: http://www.cert.org/advisories/CA-1999-14.html
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0833
Bugtraq: http://www.securityfocus.com/bid/788
|
| Rule References | bugtraq: 788
cve: 1999-0833
|