*sigh*

That's all I can say... (though somehow I missed the "early warnings" on this particular one, though it doesn't really surprise me - the exploit, that is - not me missing it)

It's getting so that Vixie's code is going to be secure about the same time that MS pulls their collective heads out of their butts... (ok, so it's probably not his fault, but... just getting tired of remote DNS exploits)

http://www.cert.org/advisories/CA-2002-19.html


Code:
CERT Advisory CA-2002-19 Buffer Overflow in Multiple DNS Resolver Libraries
Original release date: June 28, 2002

[...]

Systems Affected

   Applications  using  vulnerable  implementations  of  the  Domain Name
   System  (DNS)  resolver  libraries, which include, but are not limited
   to:

     * Internet  Software  Consortium (ISC) Berkeley Internet Name Domain
       (BIND) DNS resolver library (libbind)

     * Berkeley Software Distribution (BSD) DNS resolver library (libc)


Overview

   A  buffer overflow vulnerability exists in multiple implementations of
   DNS  resolver  libraries.  Operating  systems  and  applications  that
   utilize  vulnerable  DNS  resolver libraries may be affected. A remote
   attacker who is able to send malicious DNS responses could potentially
   exploit this vulnerability to execute arbitrary code or cause a denial
   of service on a vulnerable system.


[...]

   Vulnerability   Note  VU#803539  lists  the  vendors  that  have  been
   contacted about this vulnerability:

     http://www.kb.cert.org/vuls/id/803539

   This  vulnerability is not the same as the Sendmail issue discussed in
   Vulnerability Note VU#814627:

     http://www.kb.cert.org/vuls/id/814627

[...]

     All  versions  of  BIND  4  from  4.8.3  prior  to  BIND  4.9.9 are vulnerable.
     All versions of BIND 8 prior to BIND 8.2.6 are vulnerable.
     All versions of BIND 8.3.x prior to BIND 8.3.3 are vulnerable.
     BIND versions BIND 9.2.0 and BIND 9.2.1 are vulnerable.
     BIND version 4.8 does not appear to be vulnerable.
     BIND versions BIND 9.0.x and BIND 9.1.x are not vulnerable.
     'named' itself is not vulnerable.
     Updated releases can be found at:

     ftp://ftp.isc.org/isc/bind/src/4.9.9/
     ftp://ftp.isc.org/isc/bind/src/8.2.6/
     ftp://ftp.isc.org/isc/bind/src/8.3.3/
     ftp://ftp.isc.org/isc/bind/contrib/ntbind-8.3.3/

     BIND  9  contains  a  copy  of  the  BIND  8.3.x  resolver  library
     (lib/bind).  This  will  be  updated  with the next BIND 9 releases
     (9.2.2/9.3.0)  in  the  meantime  please  use  the original in BIND
     8.3.3.

     In  addition  the  BIND  9 'named' can be used to prevent malformed
     answers reaching vulnerable clients.

[...]
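Added example, not part of the original post or of the CERT advisory: a small triage helper that maps BIND release numbers from an inventory to the status the quoted ISC statement gives for the resolver library shipped with that release ('named' itself is stated as not vulnerable). The host names, the inventory and the "fixed"/"not listed" labels are constructed for illustration, and ignoring suffixes such as `-P5` is an assumption.

```python
import re

VULN, FIXED, UNAFFECTED, UNLISTED = "vulnerable", "fixed", "not vulnerable", "not listed"

def parse_version(text):
    """Extract (major, minor, patch) from e.g. 'BIND 8.2.2-P5'; a missing patch counts as 0.
    Assumption: patch-level suffixes (-P5, rc1) are ignored."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if m is None:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def classify(text):
    """Status of the resolver library in a BIND release, per the ranges quoted above."""
    v = parse_version(text)
    major, minor, patch = v
    if major == 4:
        if v == (4, 8, 0):
            return UNAFFECTED              # "4.8 does not appear to be vulnerable"
        if (4, 8, 3) <= v < (4, 9, 9):
            return VULN                    # "from 4.8.3 prior to BIND 4.9.9"
        return FIXED if v >= (4, 9, 9) else UNLISTED
    if major == 8:
        if v < (8, 2, 6):
            return VULN                    # "BIND 8 prior to BIND 8.2.6"
        if minor == 2:
            return FIXED
        if minor == 3:
            return VULN if patch < 3 else FIXED   # "8.3.x prior to BIND 8.3.3"
        return UNLISTED
    if major == 9:
        if minor in (0, 1):
            return UNAFFECTED              # "9.0.x and 9.1.x are not vulnerable"
        if v in ((9, 2, 0), (9, 2, 1)):
            return VULN                    # lib/bind copy of the 8.3.x resolver
    return UNLISTED                        # the quoted text makes no statement

def triage(inventory):
    """Return {host: status} for a {host: version string} inventory."""
    return {host: classify(ver) for host, ver in inventory.items()}

# Constructed sample inventory (hypothetical hosts and version strings).
INVENTORY = {"mail1": "BIND 8.2.2-P5", "web3": "9.2.1", "ns-old": "4.8",
             "build7": "ntbind-8.3.3", "cache2": "9.1.3", "lab5": "9.2.2"}

if __name__ == "__main__":
    for host, status in sorted(triage(INVENTORY).items()):
        print(f"{host:8} {INVENTORY[host]:16} {status}")
```

A "not listed" result means the quoted text says nothing about that release, so check the full advisory or the vendor's own statement rather than treating it as safe.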