BID:2309

ISC Bind 4 nslookupComplain() Format String Vulnerability

Info

ISC Bind 4 nslookupComplain() Format String Vulnerability

Bugtraq ID:	2309
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Jan 29 2001 12:00AM
Updated:	Jan 29 2001 12:00AM
Credit:	Discovered and documented by Anthony Osborne and John McDonald of the COVERT Labs at PGP Security.
Vulnerable:	ISC BIND 8.2 - Caldera OpenLinux 2.2 - Caldera OpenLinux 1.3 - Caldera UnixWare 7.1.1 - IBM AIX 4.3.3 - IBM AIX 4.3.2 - IBM AIX 4.3.1 - IBM AIX 4.3 - Redhat Linux 6.1 i386 - Redhat Linux 6.0 - Redhat Linux 5.2 i386 - Redhat Linux 5.1 - Redhat Linux 5.0 - Redhat Linux 4.2 - Redhat Linux 4.1 - Redhat Linux 4.0 - Slackware Linux 4.0 ISC BIND 4.9.7 -T1B ISC BIND 4.9.7 + HP HP-UX 11.0 4 + HP HP-UX 11.0 + HP HP-UX 10.24 + HP HP-UX 10.20 + HP HP-UX 10.10 ISC BIND 4.9.6 ISC BIND 4.9.5 P1 ISC BIND 4.9.5 ISC BIND 4.9.4 ISC BIND 4.9.3 ISC BIND 4.9

Not Vulnerable:

Discussion

ISC Bind 4 nslookupComplain() Format String Vulnerability

BIND is a server program that implements the domain name service protocol. It is in extremely wide use on the Internet, in use by most of the DNS servers. Version 4 of BIND contains a format string vulnerability that may be exploitable to remote attackers.

The format string is in the nsloookupComplain() function, which creates an error message and logs it via syslog().

If an attacker controls a DNS server, this vulnerability may be exploitable. An attacker may be able to execute shellcode with the privileges of named (typically root).

Solution / Fix

ISC Bind 4 nslookupComplain() Format String Vulnerability

Solution:
The ISC strongly recommends upgrading to BIND version 9.1.0. Links to download are available below.

Sun has released Sun Alert (ID 26965) dealing with this and other issues. Please see the referenced advisory for more information.

Additional fixes are also available.

ISC BIND 4.9