Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
| GEN:SID | 1:259 |
| Message | DNS EXPLOIT named overflow ADM |
| Summary | This event is generated by an attempted buffer overflow associated with incorrect validation of DNS NXT records. |
| Impact | Severe. The DNS server can be compromised allowing the attacker to execute arbitrary commands with the privileges of the user running BIND. |
| Detailed Information | Improper validation of DNS NXT records may allow at attacker to perform a buffer overflow. This can allow the attacker to execute arbitrary code with the privileges of the user running BIND. |
| Affected Systems | BIND versions 8.2 up to, but not including, 8.2.2. |
| Attack Scenarios | An attacker can launch this exploit to gain remote access to the DNS server. |
| Ease of Attack | Simple. Code exists to exploit the buffer overflow. |
| Corrective Action | Upgrade to a version of BIND 8.2.2 or greater, or patch vulnerable versions of BIND. |
| Additional References | CERT: http://www.cert.org/advisories/CA-1999-14.html CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0833 Bugtraq: http://www.securityfocus.com/bid/788 |
| Rule References | bugtraq: 788 cve: 1999-0833 |
--
DID:211100
--
http://www.aanval.com/