| VID | 19006 |
| Severity | 30 |
| Port | 53 |
| Protocol | UDP |
| Class | DNS |
| Detailed Description | The BIND daemon, according to its version number, has an information leak vulnerability. ISC BIND versions 4.x prior to 4.9.8 and 8.2.x prior to 8.2.3 could allow a remote attacker to read environment variables from the named program stack. A remote attacker can send an inverse query to the BIND server to access the program stack and view environment variables. The information obtained by exploiting this vulnerability may aid in the development of exploits for 'tsig bug' and 'complain bug' which allow buffer overflow attacks. References: http://www.securityfocus.com/bid/2321, http://www.cert.org/advisories/CA-2001-02.html |
| Recommendation | The ISC (Internet Software Consortium) strongly recommends upgrading to BIND version 9.1.0. Links to download are available below: http://www.securityfocus.com/cgi-bin/vulns-item.pl?section=solution&id=2321 |
| Related URL | CVE-2001-0012 (CVE) |
| Related URL | (SecurityFocus) |
| Related URL | (ISS) |
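
Because the check above keys on the version number the daemon reports, the following added example (not part of the original record or of any scanner's code) classifies version banners against the two ranges stated in the description. The banner strings are constructed samples, and treating a `-REL` suffix as the final release build is an assumption about the banner format.

```python
import re

# Fixed releases per the description: 4.x prior to 4.9.8 and
# 8.2.x prior to 8.2.3 are affected.
FIXED = {4: (4, 9, 8), 8: (8, 2, 3)}

# major.minor[.patch][-suffix], e.g. "8.2.2-P5" or "4.9.7-REL"
_BANNER_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?(?:-([A-Za-z0-9]+))?")


def parse_banner(banner):
    """Return ((major, minor, patch), suffix) or None if no version is found."""
    m = _BANNER_RE.search(banner or "")
    if not m:
        return None
    major, minor, patch, suffix = m.groups()
    version = (int(major), int(minor), int(patch or 0))
    return version, (suffix.upper() if suffix else None)


def classify(banner):
    """Classify a banner as affected, not-affected, review or unknown."""
    parsed = parse_banner(banner)
    if parsed is None:
        # Operators can replace the version string, so a banner with no
        # version number proves nothing either way.
        return "unknown"
    version, suffix = parsed
    major, minor, _ = version
    if not (major == 4 or (major == 8 and minor == 2)):
        return "not-affected"  # outside the ranges the description names
    fixed = FIXED[major]
    if version < fixed:
        return "affected"  # any patch level (-P5, -REL) is still below the fix
    if version == fixed and suffix not in (None, "REL"):
        # A tagged build carrying the fixed version number cannot be
        # decided from the stated ranges; flag it for manual review.
        return "review"
    return "not-affected"


def audit(banners):
    """Map each host to its classification; banners is {host: banner}."""
    return {host: classify(b) for host, b in banners.items()}


if __name__ == "__main__":
    # Constructed sample inventory, not real scan output.
    sample = {"ns1": "8.2.2-P5", "ns2": "8.2.3-REL", "ns3": "9.1.0",
              "ns4": "4.9.7-REL", "ns5": "8.2.3-T9B", "ns6": "unavailable"}
    for host, verdict in audit(sample).items():
        print(host, verdict)
```

A "not-affected" result only reflects the reported string; hosts classified "unknown" or "review" need the installed package version confirmed on the host itself.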