BIND NXT Bug Vulnerability

From: Elias Levy (aleph1at_private)
Date: Wed Nov 10 1999 - 13:55:25 PST

Next message: Richard Trott: "Re: BIND NXT Bug Vulnerability"

Previous message: Mariusz Marcinkiewicz: "rpc.nfsd exploit code"
Next in thread: Richard Trott: "Re: BIND NXT Bug Vulnerability"
Reply: Richard Trott: "Re: BIND NXT Bug Vulnerability"
Reply: Mike Iglesias: "Re: BIND NXT Bug Vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

http://www.isc.org/products/BIND/bind-security-19991108.html


Name: "nxt bug"

   Versions affected:     8.2, 8.2 patchlevel 1, 8.2.1
   Severity:     CRITICAL
   Exploitable:     Remotely
   Type:     Access possible

Description:

   A bug in the processing of NXT records can theoretically allow an
   attacker to gain access to the system running the DNS server at
   whatever privilege level the DNS server runs at.

Workarounds:

   None.

Active Exploits:

   At this time, ISC is unaware of any active exploits of this
   vulnerability however given the potential access this vulnerability
   represents, it is probable scripts will be created in the near future
   that make use of this vulnerability.

--
Elias Levy
Security Focus
http://www.securityfocus.com/

Next message: Richard Trott: "Re: BIND NXT Bug Vulnerability"
Previous message: Mariusz Marcinkiewicz: "rpc.nfsd exploit code"
Next in thread: Richard Trott: "Re: BIND NXT Bug Vulnerability"
Reply: Richard Trott: "Re: BIND NXT Bug Vulnerability"
Reply: Mike Iglesias: "Re: BIND NXT Bug Vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:11:05 PDT