Vulnerability Note VU#13145
BIND memcpy not bounded in case T_SIG of rrextract()
Version 8.2.2 of BIND (current circa November 1999) contained a buffer overflow in the routine that converts records from network format to database format.
Version 8.2.2 of BIND includes some checks for the correct format of a signature record in DNSSEC that previous versions did not. Specifically, the file ns_resp.c contains a routine called 'rrextract' (rr = "resource record"). rrextract contains a large switch block that converts resource records from the network format to the database format, handling each record type differently. For case T_SIG, it decodes signature records. When it gets to the name of the signing domain, there is the following block of code:
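As an added illustration (not BIND's source and not part of the original note), the sketch below shows the length checks a T_SIG-style conversion needs before each memcpy from a network-format record into a fixed-size database buffer. The function names, the rejection of compressed names, and the sample record are assumptions constructed for this example; the 18-byte fixed portion follows the SIG RDATA layout in RFC 2535.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SIG_FIXED_LEN 18  /* RFC 2535 SIG RDATA bytes before the signer's name */

/* Length of an uncompressed wire-format name starting at p (root label
 * included), or -1 if it is malformed or runs past end. */
static int wire_name_len(const uint8_t *p, const uint8_t *end)
{
    const uint8_t *start = p;
    while (p < end) {
        uint8_t l = *p++;
        if (l == 0) return (int)(p - start);
        if (l > 63 || (size_t)(end - p) < l) return -1; /* pointer or truncated */
        p += l;
    }
    return -1;
}

/* Hypothetical conversion step (not BIND's rrextract): copy the fixed fields,
 * signer's name and signature from rdata into db. Returns bytes written, or
 * -1 when a length check fails so the caller can reject the record. */
int sig_to_db(const uint8_t *rdata, size_t rdlen, uint8_t *db, size_t dbsize)
{
    if (rdlen < SIG_FIXED_LEN || dbsize < SIG_FIXED_LEN) return -1;
    const uint8_t *cp = rdata + SIG_FIXED_LEN, *end = rdata + rdlen;
    uint8_t *cp1 = db + SIG_FIXED_LEN;
    memcpy(db, rdata, SIG_FIXED_LEN);
    int nlen = wire_name_len(cp, end);
    if (nlen < 0 || (size_t)nlen > dbsize - (size_t)(cp1 - db)) return -1;
    memcpy(cp1, cp, (size_t)nlen);
    cp += nlen; cp1 += nlen;
    size_t siglen = (size_t)(end - cp);   /* length derived from the packet */
    if (siglen == 0 || siglen > dbsize - (size_t)(cp1 - db)) return -1;
    memcpy(cp1, cp, siglen);              /* bounded by space left in db */
    return (int)((size_t)(cp1 - db) + siglen);
}

/* Constructed sample: zeroed fixed fields, signer "example.com.", siglen
 * signature bytes (at most 481); trim drops bytes from the end of the record. */
int run_sample(size_t siglen, size_t trim, size_t dbsize)
{
    static const uint8_t name[] = "\x07" "example" "\x03" "com"; /* NUL = root */
    uint8_t rec[512] = {0}, db[512];
    memcpy(rec + SIG_FIXED_LEN, name, sizeof name);
    memset(rec + SIG_FIXED_LEN + sizeof name, 0xAB, siglen);
    return sig_to_db(rec, SIG_FIXED_LEN + sizeof name + siglen - trim, db, dbsize);
}
```

The point of the second check is that the signature length comes from the record itself, so it has to be compared against the space remaining in the destination, not only against the end of the source.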
Intruders may be able to interrupt the normal operations of your nameserver.
Upgrade to BIND 8.2.2 patch level 5 or later.
Systems Affected

|Vendor|Status|Date Notified|Date Updated|
|---|---|---|---|
|SCO|Affected|-|05 Sep 2000|
|Fujitsu|Not Affected|-|09 Nov 1999|
|Sun|Not Affected|-|09 Nov 1999|
|Compaq Computer Corporation|Unknown|-|05 Nov 1999|
- Redhat Security Advisory RHSA-1999:054-01
Thanks to ISC for reporting this problem.
This document was written by Shawn V Hernan.
- CVE IDs: CVE-1999-0835
- CERT Advisory: CA-1999-14
- Date Public: 10 Nov 99
- Date First Published: 14 Nov 2001
- Date Last Updated: 14 Nov 2001
- Severity Metric: 8.86
- Document Revision: 5