A vulnerability in the BIND name server could allow a remote attacker to cause a denial of service against an affected system.
The Berkeley Internet Name Domain (BIND) is a popular Domain Name System (DNS) implementation from Internet Systems Consortium (ISC). A buffer overflow error exists in the handling of the q_usedns array used by the server to track nameservers and addresses that have been queried. This vulnerability only affects BIND versions 8.4.4 and 8.4.5.
A remote attacker may be able to cause the name server daemon to crash, thereby causing a denial of service for DNS operations.
Apply a patch from the vendor
Patches have been released in response to this issue. Please see the Systems Affected section of this document.
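To decide which servers need the vendor patch, the version strings they report can be checked against the two affected releases named above. The script below is an added example, not part of the original note or of ISC's materials; the host names and version strings in it are constructed sample data, and it assumes the strings were collected separately (for example from a package inventory or a `version.bind` CHAOS TXT query).

```shell
#!/bin/sh
# Added example: classify BIND version strings against the releases this
# note lists as affected (8.4.4 and 8.4.5 only).
# Input strings could come from, e.g.:
#   dig +short chaos txt version.bind @<server>
# Operators can override that answer in named.conf, so a string without a
# parsable version is reported as "unknown" and needs a manual check.

extract_version() {
    # Print the first x.y.z triple in the string, or nothing if absent.
    printf '%s\n' "$1" |
        sed -n 's/^[^0-9]*\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*$/\1/p'
}

bind_status() {
    v=$(extract_version "$1")
    case "$v" in
        8.4.4|8.4.5) echo affected ;;      # exact match, so 8.4.40 is not flagged
        '')          echo unknown ;;       # hidden or customised version string
        *)           echo not-affected ;;  # any other release, for this issue only
    esac
}

audit_inventory() {
    # Reads "host version-string" lines on stdin, prints "host status".
    while read -r host ver; do
        [ -n "$host" ] || continue
        printf '%s %s\n' "$host" "$(bind_status "$ver")"
    done
}

# Constructed sample inventory (hypothetical hosts and strings).
SAMPLE_INVENTORY='ns1.example.test "8.4.4-REL"
ns2.example.test named 8.4.5-REL
ns3.example.test 8.4.3-REL
ns4.example.test BIND 9.2.4
ns5.example.test 8.4.40
ns6.example.test "hidden"'

count_affected() {
    printf '%s\n' "$SAMPLE_INVENTORY" | audit_inventory | grep -c ' affected$'
}

printf '%s\n' "$SAMPLE_INVENTORY" | audit_inventory
```

Hosts reported as `unknown` should be checked directly on the system, since the advertised version string may not reflect the installed binary.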
Apple Computer Inc. Not Affected
Check Point Not Affected
Hitachi Not Affected
IBM Not Affected
Juniper Networks Not Affected
MandrakeSoft Not Affected
NEC Corporation Not Affected
Red Hat Inc. Not Affected
Sun Microsystems Inc. Not Affected
BlueCat Networks Unknown
Cray Inc. Unknown
EMC Corporation Unknown
F5 Networks Unknown
GNU glibc Unknown
Hewlett-Packard Company Unknown
IBM eServer Unknown
Ingrian Networks Unknown
Lucent Technologies Unknown
MetaSolv Software Inc. Unknown
Microsoft Corporation Unknown
MontaVista Software Unknown
Nortel Networks Unknown
Openwall GNU/*/Linux Unknown
Sony Corporation Unknown
SuSE Inc. Unknown
Wind River Systems Inc. Unknown
Thanks to Joao Damas of the Internet Systems Consortium for reporting this vulnerability.
This document was written by Chad Dougherty based on information provided by ISC.
Date First Published: 2005-01-25
Date Last Updated: 2005-03-18 16:36 UTC