Vulnerability Note VU#868916
ISC BIND 4 contains input validation error in nslookupComplain()
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) by the Internet Software Consortium (ISC). There is a format string vulnerability in BIND 4.9.4 that may allow remote intruders to gain access to systems running BIND. Although BIND 4.9.x is no longer officially maintained by ISC, various versions are still widely deployed on the Internet.
This vulnerability has been successfully exploited in a laboratory environment and presents a serious threat to the Internet infrastructure.
There is a format string vulnerability in the nslookupComplain() routine of several versions of ISC BIND. This vulnerability is reported to exist in all versions prior to BIND 4.9.5-P1.
This vulnerability may allow an attacker to execute privileged commands or code with the same permissions as the BIND server. Because BIND is typically run by a superuser account, the execution would occur with superuser privileges.
This vulnerability was patched by the ISC in an earlier version of BIND 4, most likely BIND 4.9.5-P1. However, there is strong evidence to suggest that some third party vendors who redistribute BIND have not included these changes in their BIND packages. Therefore, the CERT/CC recommends that all users of BIND 4 or its derivatives base their distributions on BIND 4.9.8.
The BIND 9.1 distribution can be downloaded from:
Please note that upgrading to BIND 4.9.8 also addresses the vulnerabilities discussed in VU#325431 and VU#572183.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Compaq Computer Corporation||Affected||25 Jan 2001||04 Apr 2001|
|IBM||Affected||25 Jan 2001||05 Apr 2001|
|ISC||Affected||24 Jan 2001||04 Apr 2001|
|NetBSD||Affected||25 Jan 2001||05 Apr 2001|
|Sun Microsystems Inc.||Affected||25 Jan 2001||07 Aug 2001|
|SuSE Inc.||Affected||03 Feb 2001||05 Apr 2001|
|The SCO Group (SCO Linux)||Affected||25 Jan 2001||29 Jan 2001|
|The SCO Group (SCO UnixWare)||Affected||25 Jan 2001||01 May 2002|
|Apple Computer Inc.||Not Affected||25 Jan 2001||05 Apr 2001|
|FreeBSD||Not Affected||25 Jan 2001||05 Apr 2001|
|Hewlett-Packard Company||Not Affected||25 Jan 2001||05 Apr 2001|
|MandrakeSoft||Not Affected||03 Feb 2001||04 Apr 2001|
|Microsoft Corporation||Not Affected||25 Jan 2001||30 Jan 2001|
|OpenBSD||Not Affected||25 Jan 2001||30 Jan 2001|
|BSDI||Unknown||25 Jan 2001||26 Jan 2001|
CVSS Metrics (Learn More)
- VU#196945, VU#325431, VU#572183
The CERT/CC thanks the COVERT Labs at PGP Security for discovering and analyzing this vulnerability and the Internet Software Consortium for providing a patch to fix it.
This document was written by Jeffrey P. Lanza.
- CVE IDs: CAN-2001-0013
- CERT Advisory: CA-2001-02
- Date Public: 29 Jan 2001
- Date First Published: 29 Jan 2001
- Date Last Updated: 06 Dec 2002
- Severity Metric: 33.92
- Document Revision: 25
If you have feedback, comments, or additional information about this vulnerability, please send us email.