Metric | Value |
---|---|
CVSS2 | 10 High |
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
EPSS | 0.009 Low |
EPSS Percentile | 82.7% |
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) by the Internet Software Consortium (ISC). There is a format string vulnerability in BIND 4.9.4 that may allow remote intruders to gain access to systems running BIND. Although BIND 4.9.x is no longer officially maintained by ISC, various versions are still widely deployed on the Internet.
This vulnerability has been successfully exploited in a laboratory environment and presents a serious threat to the Internet infrastructure.
There is a format string vulnerability in the nslookupComplain() routine of several versions of ISC BIND. This vulnerability is reported to exist in all versions prior to BIND 4.9.5-P1.
The vulnerable buffer is a locally defined character array used to build an error message intended for syslog. Attackers attempting to exploit this vulnerability could do so by sending a specially formatted DNS query to affected BIND servers. If properly constructed, this query could be used to disrupt the normal operation of the DNS server process, resulting in the execution of arbitrary code. If an attacker were able to execute code or commands, they would do so with the same privileges as the BIND process, which are typically superuser privileges.
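The pattern described above, reduced to a small C illustration. This is an added example, not code from BIND or from the original advisory: `fake_syslog`, `complain_unsafe`, `complain_safe` and the message text are hypothetical stand-ins, and the sample name uses only `%%`, the one conversion that consumes no argument, so the run is well defined.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for syslog(3): formats into a capture buffer
 * so the logged text can be inspected instead of sent to the log daemon. */
static char last_log[256];

static void fake_syslog(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(last_log, sizeof last_log, fmt, ap);
    va_end(ap);
}

/* Vulnerable pattern: the message is built in a local character array
 * from a name taken from the DNS query, and the array is then handed
 * to the logger AS THE FORMAT STRING. Any '%' conversion inside the
 * name is interpreted a second time by the logger.
 * Declaring the logger with __attribute__((format(printf, 1, 2)))
 * lets GCC/Clang -Wformat-security flag this call at build time. */
const char *complain_unsafe(const char *queried_name)
{
    char buf[128];
    snprintf(buf, sizeof buf, "bad referral for %s", queried_name);
    fake_syslog(buf);            /* BUG: untrusted text used as format */
    return last_log;
}

/* Hardened form: the format is a constant and the built message is
 * passed as data, so its contents are never parsed for conversions. */
const char *complain_safe(const char *queried_name)
{
    char buf[128];
    snprintf(buf, sizeof buf, "bad referral for %s", queried_name);
    fake_syslog("%s", buf);
    return last_log;
}

int main(void)
{
    /* Constructed sample name, not taken from any real query. */
    const char *name = "a%%b.example";

    printf("unsafe: %s\n", complain_unsafe(name));
    printf("safe:   %s\n", complain_safe(name));
    return 0;
}
```

The unsafe path logs a different string than the one received, which is the observable sign that query data is being parsed as a format; the hardened path logs it byte for byte.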
It is important to note that other vendors of DNS software may be vulnerable to this problem as well. Please contact your vendor or check the vendor section of this document for further details.
This vulnerability may allow an attacker to execute privileged commands or code with the same permissions as the BIND server. Because BIND is typically run by a superuser account, the execution would occur with superuser privileges.
This vulnerability was patched by the ISC in an earlier version of BIND 4, most likely BIND 4.9.5-P1. However, there is strong evidence to suggest that some third party vendors who redistribute BIND have not included these changes in their BIND packages. Therefore, the CERT/CC recommends that all users of BIND 4 or its derivatives base their distributions on BIND 4.9.8.
The BIND 4.9.8 distribution can be downloaded from:
<ftp://ftp.isc.org/isc/bind/src/>
The BIND 9.1 distribution can be downloaded from:
Notified: January 25, 2001 Updated: April 04, 2001
Affected
------------------------------------------------------------------------------------
VU#868916 - BIND 4 Input validation error in nslookupComplain()
X-REF: SSRT1-69U
------------------------------------------------------------------------------------
Compaq Tru64 UNIX V5.1, V5.0, V5.0a - Not Vulnerable
Compaq Tru64 UNIX V4.0D/F/G -
V4.0d patch: SSRT1-69U_v4.0d.tar.Z
V4.0f patch: SSRT1-69U_v4.0f.tar.Z
V4.0g patch: SSRT1-69U_v4.0g.tar.Z
TCP/IP Services for Compaq OpenVMS - Not Vulnerable
------------------------------------------------------------------------------------
Compaq will provide notice of the completion/availability of the patches
through AES services (DIA, DSNlink FLASH), the Security mailing list (**),
and be available from your normal Compaq Support channel.
**You may subscribe to the Security mailing list at:
http://www.support.compaq.com/patches/mailing-list.shtml
Software Security Response Team
COMPAQ COMPUTER CORPORATION
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23868916 Feedback>).
Notified: January 25, 2001 Updated: April 05, 2001
Affected
[A fix for this vulnerability] can be downloaded from <ftp://ftp.software.ibm.com/aix/efixes/security>. The compressed tarfile is multiple_bind_vulns_efix.tar.Z. Installation instructions and other important information are given in the README file that is included in the tarball.
The official fix for the four BIND4 and BIND8 vulnerabilities will be in APAR #IY16182.
AIX Security Response Team
IBM Austin
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: January 25, 2001 Updated: April 04, 2001
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The source code for ISC BIND can be downloaded from:
<ftp://ftp.isc.org/isc/bind/src/>
Notified: January 25, 2001 Updated: April 05, 2001
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Please see NetBSD-SA2001-001, “Security vulnerabilities in BIND” at:
ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2001-001.txt.asc
Notified: February 03, 2001 Updated: April 05, 2001
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
SuSE has made an announcement regarding this vulnerability; for further information, please see:
http://www.suse.com/us/support/security/index.html
Notified: January 25, 2001 Updated: August 07, 2001
Affected
CERT Advisory CA-2001-02 describes four vulnerabilities in certain
versions of BIND. The four vulnerabilities are listed below along with
the affected versions of Solaris and the version of BIND shipped with each
version of Solaris.
VU#196945 - ISC BIND 8 contains buffer overflow in transaction signature (TSIG)
handling code
Solaris 8 04/01* (BIND 8.2.2-p5)
Solaris 8 Maintenance Update 4* (BIND 8.2.2-p5)
VU#572183 - ISC BIND 4 contains buffer overflow in nslookupComplain()
Solaris 2.6 (BIND 4.9.4-P1)
Solaris 2.5.1** (BIND 4.9.3)
VU#868916 - ISC BIND 4 contains input validation error in nslookupComplain()
Solaris 2.6 (BIND 4.9.4-P1)
Solaris 2.5.1** (BIND 4.9.3)
VU#325431 - Queries to ISC BIND servers may disclose environment variables
Solaris 2.4, 2.5 (BIND 4.8.3)
Solaris 2.5.1** (BIND 4.9.3 and BIND 4.8.3)
Solaris 2.6 (BIND 4.9.4-P1)
Solaris 7 and 8 (BIND 8.1.2)
* To determine if one is running Solaris 8 04/01 or Solaris 8 Maintenance
Update 4, check the contents of the /etc/release file.
** Solaris 2.5.1 ships with BIND 4.8.3 but patch 103663-01 for SPARC and
103664-01 for x86 upgrades BIND to 4.9.3, current revision for each
patch is -17.
List of Patches
The following patches are available in relation to the above problems.
OS Version | Patch ID |
---|---|
SunOS 5.8 | 109326-04 |
SunOS 5.8_x86 | 109327-04 |
SunOS 5.7 | 107018-03 |
SunOS 5.7_x86 | 107019-03 |
SunOS 5.6 | 105755-10 |
SunOS 5.6_x86 | 105756-10 |
SunOS 5.5.1 | 103663-16 |
SunOS 5.5.1_x86 | 103664-16 |
SunOS 5.5 | 103667-12 |
SunOS 5.5_x86 | 103668-12 |
SunOS 5.4 | 102479-14 |
SunOS 5.4_x86 | 102480-12 |
The vendor has not provided us with any further information regarding this vulnerability.
For the full text of Sun Microsystems Security Bulletin #204, please visit
http://sunsolve.Sun.COM/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/204&type=0&nav=sec.sba
This document has been archived here
Notified: January 25, 2001 Updated: January 29, 2001
Affected
OpenLinux 2.3, eServer 2.3.1 and eDesktop 2.4 are all vulnerable.
Update packages will be provided at
<ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3>
<ftp://ftp.calderasystems.com/pub/updates/eServer/2.3>
<ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4>
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: January 25, 2001 Updated: May 01, 2002
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Caldera UNIX has published Security Advisory CSSA-2002-SCO.16 to address this issue in their UnixWare product line. For more information, please see:
ftp://stage.caldera.com/pub/security/unixware/CSSA-2002-SCO.16/CSSA-2002-SCO.16.txt
Notified: January 25, 2001 Updated: April 05, 2001
Not Affected
Apple plans to include BIND 8.2.3 in Mac OS X. BIND is not enabled by default in Mac OS X or Mac OS X Server.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: January 25, 2001 Updated: April 05, 2001
Not Affected
No supported version of FreeBSD contains BIND 4.x, so this does not affect us. We currently ship betas of 8.2.3 in the FreeBSD 4.x release branch, and will be upgrading to 8.2.3 once it is released.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: January 25, 2001 Updated: April 05, 2001
Not Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
HP has released a Security Bulletin to address this issue; for further information, please visit <http://itrc.hp.com> and search for “HPSBUX0102-144”. Please note that registration may be required to access this document.
Notified: February 03, 2001 Updated: April 04, 2001
Not Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
MandrakeSoft has made an announcement regarding this vulnerability; for further information, please see:
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-017.php3
Notified: January 25, 2001 Updated: January 30, 2001
Not Affected
Microsoft’s implementation of DNS is not based on BIND, and is not affected by this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: January 25, 2001 Updated: January 30, 2001
Not Affected
So we are pretty impressed with ourselves, since it looks like none of these BIND bugs affected us. In '97, a couple of us did some sprintf->snprintf whacking. Probably took about 3 minutes.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: January 25, 2001 Updated: January 26, 2001
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: January 25, 2001 Updated: January 26, 2001
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: January 25, 2001 Updated: April 05, 2001
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Debian has made an announcement regarding this vulnerability; for further information, please see:
http://www.debian.org/security/2001/dsa-026
Notified: January 25, 2001 Updated: January 26, 2001
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: January 31, 2001 Updated: April 05, 2001
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Immunix has made an announcement regarding this vulnerability; for further information, please see:
http://download.immunix.org/ImmunixOS/7.0-beta/updates/IMNX-2001-70-001-01
Notified: January 25, 2001 Updated: January 27, 2001
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: January 25, 2001 Updated: January 27, 2001
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: January 25, 2001 Updated: April 04, 2001
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
RedHat has released an advisory regarding this vulnerability; for further information, please see RHSA-2001-007 and associated bug reports at:
<http://www.redhat.com/support/errata/RHSA-2001-007.html>
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=25209
Notified: January 03, 2001 Updated: April 27, 2001
Unknown
SGI’s IRIX™ operating system contains base BIND 4.9.7 with SGI modifications. IRIX BIND 4.9.7 is vulnerable to buffer overflow in nslookupComplain(). Patches are forthcoming and will be released with an advisory to <http://www.sgi.com/support/security/> when available.
The vendor has not provided us with any further information regarding this vulnerability.
SGI has released an advisory regarding this vulnerability. For further information, please visit
ftp://patches.sgi.com/support/free/security/advisories/20010401-01-P
Notified: January 25, 2001 Updated: January 27, 2001
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: January 25, 2001 Updated: January 27, 2001
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: February 03, 2001 Updated: April 05, 2001
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Slackware has made an announcement regarding this vulnerability; for further information, please see:
Notified: January 25, 2001 Updated: January 27, 2001
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: January 25, 2001 Updated: January 27, 2001
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
The CERT/CC thanks the COVERT Labs at PGP Security for discovering and analyzing this vulnerability and the Internet Software Consortium for providing a patch to fix it.
This document was written by Jeffrey P. Lanza.
CVE IDs: | CVE-2001-0013 |
---|---|
CERT Advisory: | CA-2001-02 |
Severity Metric: | |