The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) by the Internet Software Consortium (ISC). There is a buffer overflow vulnerability in BIND 4.9.x, which may allow remote intruders to gain access to systems running BIND. Although BIND 4.9.x is no longer officially maintained by ISC, various versions are still widely deployed on the Internet.
This vulnerability has been successfully exploited in a laboratory environment and presents a serious threat to the Internet infrastructure.
A buffer overflow exists in the nslookupComplain() routine of several versions of ISC BIND. This vulnerability is reported to exist in all versions prior to BIND 4.9.8.
This vulnerability can disrupt the proper operation of the BIND server and may allow an attacker to execute privileged commands or code with the same permissions as the BIND server. Because BIND is typically run by a superuser account, the execution would occur with superuser privileges.
The ISC has released BIND version 4.9.8 to address this security issue as well as others. The CERT/CC strongly recommends that all users of BIND 4.9.x upgrade to 4.9.8 immediately.
The BIND 9.1 distribution can be downloaded from:
Please note that upgrading to BIND 4.9.8 also addresses the vulnerabilities discussed in VU#325431 and VU#868916.
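A triage check for the affected range stated above, as an added example that is not part of the original advisory: it classifies reported BIND version strings against the 4.9.8 fix. The hostnames, the banner strings and the treatment of `-T`/`-B` suffixes as pre-release tags are assumptions made for the sample.

```python
import re

FIXED = (4, 9, 8)  # first fixed release named in this note

# e.g. "4.9.7-REL" -> ("4", "9", "7", "-REL"); the suffix convention is an assumption
_VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?(-[A-Za-z0-9]+)?")

def classify(banner):
    """Classify one reported version string against the range in this note."""
    m = _VERSION_RE.search(banner)
    if m is None:
        return "unknown"        # hidden or customized banner: verify by hand
    version = tuple(int(g or 0) for g in m.groups()[:3])
    suffix = (m.group(4) or "").upper()
    if version[0] != 4:
        return "out-of-scope"   # this note covers the 4.x line only
    if version < FIXED:
        return "vulnerable"     # any suffix: everything before 4.9.8 is affected
    if version == FIXED and suffix.startswith(("-T", "-B")):
        return "review"         # assumed pre-release tag of 4.9.8: confirm the fix is in
    return "fixed"

def triage(inventory):
    """Return (host, status) rows, hosts that need the upgrade first."""
    order = {"vulnerable": 0, "review": 1, "unknown": 2, "fixed": 3, "out-of-scope": 4}
    rows = [(host, classify(banner)) for host, banner in inventory.items()]
    return sorted(rows, key=lambda r: (order[r[1]], r[0]))

# Constructed sample inventory (hostnames and banners are made up).
SAMPLE = {
    "ns1.example.net": "4.9.7-REL",
    "ns2.example.net": "named 4.9.5-P1",
    "ns3.example.net": "4.9.8-REL",
    "ns4.example.net": "4.9.8-T1B",
    "ns5.example.net": "8.2.3-REL",
    "ns6.example.net": "contact hostmaster",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE):
        print(f"{host:18} {status}")
```

A reported version string can be changed or hidden by the operator, so hosts classified as `unknown` or `review` still need the installed version confirmed directly.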
Compaq Computer Corporation
The CERT/CC thanks the COVERT Labs at PGP Security for discovering and analyzing this vulnerability and the Internet Software Consortium for providing a patch to fix it.
This document was written by Jeffrey P. Lanza.