ISC Information for VU#196945
| Date Notified | 01/05/2001 |
| Date Modified | 05/01/2002 03:11:27 PM |
| Status Summary | Vulnerable |
Vendor Statement

Name: "tsig bug"
Versions: 8.2, 8.2-P1, 8.2.1, 8.2.2, 8.2.2-P1, 8.2.2-P2, 8.2.2-P3,
8.2.2-P4, 8.2.2-P5, 8.2.2-P6, 8.2.2-P7 and all 8.2.3 betas.
Severity: CRITICAL
Exploitable: Remotely
Type: Access possible
Description:
It is possible to overflow a buffer handling TSIG signed
queries, thereby obtaining access to the system.
Workarounds:
None.
Active Exploits:
Exploits for this bug exist.
Solution:
Upgrade to BIND 8.2.3-REL or preferably BIND 9.1.
Credits:
Discovery and initial documentation of this vulnerability
was conducted by Anthony Osborne and John McDonald of the
COVERT Labs at PGP Security.
US-CERT Addendum

The ISC has posted this information on their web site at:
The source code for ISC BIND can be downloaded from: