CERT-2002-19: Remote DNS resolver library exploit
That's all I can say... (though somehow I missed the "early warnings" on this particular one, though it doesn't really surprise me - the exploit, that is - not me missing it)
It's getting so that Vixie's code is going to be secure about the same time that MS pulls their collective heads out of their butts... (ok, so it's probably not his fault, but... just getting tired of remote DNS exploits)
CERT Advisory CA-2002-19 Buffer Overflow in Multiple DNS Resolver Libraries
Original release date: June 28, 2002
Applications using vulnerable implementations of the Domain Name
System (DNS) resolver libraries, which include, but are not limited
* Internet Software Consortium (ISC) Berkeley Internet Name Domain
(BIND) DNS resolver library (libbind)
* Berkeley Software Distribution (BSD) DNS resolver library (libc)
A buffer overflow vulnerability exists in multiple implementations of
DNS resolver libraries. Operating systems and applications that
utilize vulnerable DNS resolver libraries may be affected. A remote
attacker who is able to send malicious DNS responses could potentially
exploit this vulnerability to execute arbitrary code or cause a denial
of service on a vulnerable system.
Vulnerability Note VU#803539 lists the vendors that have been
contacted about this vulnerability:
This vulnerability is not the same as the Sendmail issue discussed in
Vulnerability Note VU#814627:
All versions of BIND 4 from 4.8.3 prior to BIND 4.9.9 are vulnerable.
All versions of BIND 8 prior to BIND 8.2.6 are vulnerable.
All versions of BIND 8.3.x prior to BIND 8.3.3 are vulnerable.
BIND versions BIND 9.2.0 and BIND 9.2.1 are vulnerable.
BIND version 4.8 does not appear to be vulnerable.
BIND versions BIND 9.0.x and BIND 9.1.x are not vulnerable.
'named' itself is not vulnerable.
Updated releases can be found at:
BIND 9 contains a copy of the BIND 8.3.x resolver library
(lib/bind). This will be updated with the next BIND 9 releases
(9.2.2/9.3.0) in the meantime please use the original in BIND
In addition the BIND 9 'named' can be used to prevent malformed
answers reaching vulnerable clients.