US-CERT
Vulnerability Notes Database

Vulnerability Note VU#852283

Cached malformed SIG record buffer overflow

Overview

A vulnerability in BIND allows remote attackers to execute code with the privileges of the process running named. This vulnerability is resolved in BIND versions 4.9.11, 8.2.7, 8.3.4, and BIND 9.

I. Description

A remotely exploitable buffer overflow exists in named. An attacker using malformed SIG records can exploit this vulnerability against a nameserver with recursion enabled. The overflow occurs when the nameserver constructs responses to recursive requests using the malformed SIG records, leading to arbitrary code execution as the named uid, typically root. As was the case with a previous issue affecting named and NXT records (CA-1999-14, VU#16532), a malicious server must reply to a forwarded request from a recursive nameserver in order to exploit the vulnerability. However, as with the NXT record exploit, a full-service nameserver is not required, only a service replying to a legitimate victim nameserver request.

The following versions of BIND are affected:

    - BIND versions 4.9.5 to 4.9.10
    - BIND versions 8.1, 8.2 to 8.2.6, and 8.3.0 to 8.3.3

II. Impact

A remote attacker could execute arbitrary code on the nameserver with the privileges of the named uid, typically root.

III. Solution

Upgrade to BIND 4.9.11, BIND 8.2.7, BIND 8.3.4, or BIND 9.

One interim workaround is to disable recursion on vulnerable servers.
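
The triage implied by the affected-version list and the recursion workaround can be scripted as below. This is an added example, not part of the original note or of BIND: the function names are hypothetical, the version ranges are the ones listed above (release suffixes such as "-REL" are ignored, which is an assumption), and the configuration check assumes BIND 8 named.conf syntax, where recursion is on unless the options block turns it off.

```python
import re

# Affected ranges from the advisory, inclusive, as (major, minor, patch) tuples.
AFFECTED = [((4, 9, 5), (4, 9, 10)), ((8, 1, 0), (8, 1, float("inf"))),  # 8.1: all 8.1.x
            ((8, 2, 0), (8, 2, 6)), ((8, 3, 0), (8, 3, 3))]

def parse_version(text):
    """'8.2.3-REL' -> (8, 2, 3). Release suffixes are ignored (assumption)."""
    m = re.match(r"\s*(?:BIND\s+)?(\d+)\.(\d+)(?:\.(\d+))?", text, re.I)
    if not m:
        raise ValueError(f"unrecognised BIND version: {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def is_affected(version_text):
    v = parse_version(version_text)
    return any(lo <= v <= hi for lo, hi in AFFECTED)

def options_block(text):
    """Body of the top-level options { ... } statement, honouring nested braces."""
    m = re.search(r"\boptions\s*\{", text)
    if not m:
        return ""
    depth, i = 1, m.end()
    while i < len(text) and depth:
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        i += 1
    return text[m.end():i - 1]

def recursion_enabled(named_conf):
    """True unless options turns recursion off. Comment markers in quoted strings are not handled."""
    text = re.sub(r"/\*.*?\*/|//[^\n]*|#[^\n]*", "", named_conf, flags=re.S)
    m = re.search(r"(?<![-\w])recursion\s+(\w+)\s*;", options_block(text), re.I)
    return m is None or m.group(1).lower() in ("yes", "true", "1")

def triage(version_text, named_conf):
    if not is_affected(version_text):
        return "not in affected range"
    if recursion_enabled(named_conf):
        return "affected, recursion enabled: upgrade or disable recursion"
    return "affected, recursion disabled (interim workaround): still upgrade"

# Constructed sample config in BIND 8 named.conf syntax (not from the advisory).
SAMPLE_CONF = """options {
    forwarders { 192.0.2.53; };   // nested block before the setting
    # recursion yes;
    recursion no;
};
"""
```

For example, triage("8.2.3-REL", SAMPLE_CONF) reports an affected release with the interim workaround in place.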

Systems Affected

Vendor                          Status          Date Updated
3Com                            Unknown         12-Nov-2002
Adns                            Unknown         12-Nov-2002
Aladdin Knowledge Systems       Unknown         12-Nov-2002
Alcatel                         Unknown         12-Nov-2002
Apache                          Unknown         12-Nov-2002
Apache-SSL                      Unknown         12-Nov-2002
Apple Computer Inc.             Vulnerable      3-Dec-2002
AT&T                            Unknown         12-Nov-2002
Avaya                           Unknown         12-Nov-2002
BlueCat Networks                Unknown         12-Nov-2002
BSDI                            Unknown         12-Nov-2002
Check Point                     Unknown         12-Nov-2002
Cisco Systems Inc.              Unknown         12-Nov-2002
Cistron                         Unknown         12-Nov-2002
Command Software                Unknown         12-Nov-2002
Compaq Computer Corporation     Unknown         12-Nov-2002
Computer Associates             Unknown         12-Nov-2002
Conectiva                       Vulnerable      14-Nov-2002
Covalent                        Unknown         12-Nov-2002
Cray Inc.                       Not Vulnerable  14-Nov-2002
CyberSoft                       Unknown         12-Nov-2002
D-Link Systems                  Unknown         12-Nov-2002
Data Fellows                    Unknown         12-Nov-2002
Data General                    Unknown         12-Nov-2002
Debian                          Vulnerable      14-Nov-2002
Engarde                         Vulnerable      14-Nov-2002
F-Secure                        Unknown         12-Nov-2002
F5 Networks                     Unknown         12-Nov-2002
Finjan Software                 Unknown         12-Nov-2002
FreeBSD                         Vulnerable      14-Nov-2002
FreeRADIUS                      Unknown         12-Nov-2002
Fujitsu                         Unknown         12-Nov-2002
Funk Software                   Unknown         12-Nov-2002
GFI Software                    Unknown         12-Nov-2002
GNU glibc                       Unknown         12-Nov-2002
Hewlett-Packard Company         Unknown         12-Nov-2002
IBM                             Vulnerable      18-Nov-2002
InfoBlox                        Not Vulnerable  18-Oct-2004
Inner Cite                      Unknown         12-Nov-2002
Intel                           Unknown         12-Nov-2002
Interlink Networks              Unknown         12-Nov-2002
Intersoft International Inc.    Unknown         12-Nov-2002
IPlanet                         Unknown         12-Nov-2002
ISC                             Vulnerable      12-Nov-2002
Jkuo                            Unknown         12-Nov-2002
Juniper Networks                Unknown         12-Nov-2002
KTH Kerberos                    Unknown         12-Nov-2002
Lachman                         Unknown         12-Nov-2002
Lotus Software                  Unknown         12-Nov-2002
Lucent Technologies             Unknown         12-Nov-2002
Macromedia Inc.                 Unknown         12-Nov-2002
MandrakeSoft                    Vulnerable      14-Nov-2002
Mei                             Unknown         12-Nov-2002
Men&Mice                        Unknown         12-Nov-2002
MetaSolv Software Inc.          Unknown         12-Nov-2002
Microsoft Corporation           Not Vulnerable  14-Nov-2002
MiT Kerberos Development Team   Unknown         12-Nov-2002
MontaVista Software             Not Vulnerable  13-Nov-2002
NCFTP Software                  Unknown         12-Nov-2002
NCSA                            Unknown         12-Nov-2002
NEC Corporation                 Unknown         12-Nov-2002
NetSNMP                         Unknown         12-Nov-2002
Network Appliance               Unknown         12-Nov-2002
Network Associates              Unknown         12-Nov-2002
NeXT                            Unknown         12-Nov-2002
Nixu                            Unknown         12-Nov-2002
Nokia                           Unknown         12-Nov-2002
Nominum                         Not Vulnerable  13-Nov-2002
Nortel Networks                 Vulnerable      3-Dec-2002
Open Group                      Unknown         12-Nov-2002
OpenBSD                         Unknown         12-Nov-2002
Openwall GNU/*/Linux            Vulnerable      3-Dec-2002
Oracle Corporation              Unknown         12-Nov-2002
Process Software                Unknown         12-Nov-2002
PSPL                            Unknown         12-Nov-2002
Putty                           Unknown         12-Nov-2002
RADIUS                          Unknown         12-Nov-2002
RADIUSClient                    Unknown         12-Nov-2002
Red Hat Inc.                    Vulnerable      13-Nov-2002
Riverstone Networks             Unknown         12-Nov-2002
RSA Security                    Unknown         12-Nov-2002
Sendmail                        Unknown         12-Nov-2002
Sequent                         Unknown         12-Nov-2002
SGI                             Unknown         12-Nov-2002
ShadowSupport                   Unknown         12-Nov-2002
Sony Corporation                Unknown         12-Nov-2002
Sophos                          Unknown         12-Nov-2002
SSH Communications Security     Unknown         12-Nov-2002
Sun Microsystems Inc.           Unknown         12-Nov-2002
SuSE Inc.                       Vulnerable      14-Nov-2002
Symantec Corporation            Unknown         1-Apr-2003
The SCO Group (SCO Linux)       Unknown         12-Nov-2002
The SCO Group (SCO UnixWare)    Unknown         12-Nov-2002
Threshold Networks              Unknown         12-Nov-2002
Trend Micro                     Unknown         12-Nov-2002
Wind River Systems Inc.         Unknown         12-Nov-2002
Wirex                           Unknown         12-Nov-2002
WU-FTPD Development Group       Unknown         12-Nov-2002
Xerox Corporation               Unknown         12-Nov-2002
Xi Graphics                     Unknown         12-Nov-2002
XTRADIUS                        Unknown         12-Nov-2002
YARD RADIUS                     Unknown         12-Nov-2002

References


http://www.secunia.com/advisories/9856/

Credit

Thanks to ISS for reporting this vulnerability.

This document was written by Jason A Rafail.

Other Information

Date Public: 11/11/2002
Date First Published: 11/13/2002 05:45:35 PM
Date Last Updated: 10/18/2004
CERT Advisory: CA-2002-31
CVE Name: CAN-2002-1219
US-CERT Technical Alerts:
Metric: 30.37
Document Revision: 18

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Copyright 2002 Carnegie Mellon University