[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

BIND NXT Bug Vulnerability (fwd)




There's an exploit for this now, so if you are running bind 8.x, you
probably want to upgrade.  (For those of you running Red Hat 6.0, the
updates mirror on ftp.silug.org actually has the rpms, which amazes me
because mirror has been consistently failing for weeks now...)

----- Forwarded message from Elias Levy -----

Message-ID:  <19991110135525.A21417@securityfocus.com>
Date:         Wed, 10 Nov 1999 13:55:25 -0800
From: Elias Levy <aleph1@SECURITYFOCUS.COM>
Subject:      BIND NXT Bug Vulnerability
To: BUGTRAQ@SECURITYFOCUS.COM

http://www.isc.org/products/BIND/bind-security-19991108.html


Name: "nxt bug"

   Versions affected:     8.2, 8.2 patchlevel 1, 8.2.1
   Severity:     CRITICAL
   Exploitable:     Remotely
   Type:     Access possible

Description:

   A bug in the processing of NXT records can theoretically allow an
   attacker to gain access to the system running the DNS server at
   whatever privilege level the DNS server runs at.

Workarounds:

   None.

Active Exploits:

   At this time, ISC is unaware of any active exploits of this
   vulnerability however given the potential access this vulnerability
   represents, it is probable scripts will be created in the near future
   that make use of this vulnerability.

--
Elias Levy
Security Focus
http://www.securityfocus.com/

--
To unsubscribe, send email to majordomo@silug.org with
"unsubscribe silug-discuss" in the body.