Debian 196-1 Alert: Remote Exploit Threats in BIND8 Under Scrutiny
debian
November 14, 2002
The security research company ISS (Internet Security Services) has discovered several vulnerabilities in the BIND8 name server, including a remotely exploitable buffer overflow.
Topics Covered
Summary
[Bind version 9, the bind9 package, is not affected by these problems.]
ISS X-Force has discovered several serious vulnerabilities in the Berkeley
Internet Name Domain Server (BIND). BIND is the most common implementation
of the DNS (Domain Name Service) protocol, which is used on the vast
majority of DNS servers on the Internet. DNS is a vital Internet protocol
that maintains a database of easy-to-remember domain names (host names) and
their corresponding numerical IP addresses.
Circumstancial evidence suggests that the Internet Software Consortium
(ISC), maintainers of BIND, was made aware of these issues in mid-October.
Distributors of Open Source operating systems, including Debian, were
notified of these vulnerabilities via CERT about 12 hours before the release
of the advisories on November 12th. This notification did not include any
details that allowed us to identify the vulnerable code, much less prepare
timely fixes.
Unfortunately ISS and the ISC released their security advisories wi...
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Package: bind
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!