SGI Information for VU#325431

Queries to ISC BIND servers may disclose environment variables

Status

Unknown. If you are the vendor named above, please contact us to update your status.

Vendor Statement

SGI's IRIX (tm) operating system contains base BIND 4.9.7 with SGI modifications. IRIX BIND 4.9.7 is vulnerable to buffer overflow in nslookupComplain(). Patches are forth coming and will be released with an advisory to http://www.sgi.com/support/security/ when available.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

SGI has released an advisory regarding this vulnerability. For further information, please visit