ISC Information for VU#325431
| Date Notified | 01/02/2001 |
| Date Modified | 05/01/2002 03:11:26 PM |
| Status Summary | Vulnerable |
Vendor Statement
Name: "infoleak"
Versions: 4.8, 4.8.3, 4.9.3, 4.9.4, 4.9.5, 4.9.5-P1, 4.9.6, 4.9.7,
8.1, 8.1.1, 8.2, 8.2-P1, 8.2.1, 8.2.2, 8.2.2-P1, 8.2.2-P2,
8.2.2-P3, 8.2.2-P4, 8.2.2-P5, 8.2.2-P6, 8.2.2-P7,
possibly earlier versions of BIND 4.9.x and BIND 4.9.
Severity: MODERATE
Exploitable: Remotely
Type: Information leak
Description:
It is possible to construct an inverse query that allows the stack to
be read remotely, exposing environment variables.
Workarounds:
None.
Active Exploits:
Exploits of this bug exist.
Solution:
Upgrade to BIND 9, BIND 8.2.3 or BIND 4.9.8
Credits:
We wish to thank Claudio Musmarra <a9605121@unet.univie.ac.at>
for bringing this to our attention.
US-CERT Addendum
The ISC has posted this information on their web site at:
The source code for ISC BIND can be downloaded from:
If you have feedback, comments, or additional information about this vulnerability, please send us email.