Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 454
Alerts This Week
Warning Icon 1 454

BIND: Critical Buffer Overflow Advisory for Versions 4 and 8 Affecting DNS

General Esm H446
Among BIND, there were several other vulnerabilities this week. "Buffer-overflow problems have been found in versions 4 and 8 of BIND, a domain-name-system daemon distributed by the Internet Software Consortium (ISC). This vulnerability has wide implications as most sites on the . . . Among BIND, there were several other vulnerabilities this week. "Buffer-overflow problems have been found in versions 4 and 8 of BIND, a domain-name-system daemon distributed by the Internet Software Consortium (ISC). This vulnerability has wide implications as most sites on the Internet use one of these versions of BIND, the Berkeley Internet Name Domain, to provide DNS resolution.

BIND version 8 (prior to version 8.2.3) has a bug in the signature-transaction code that could allow an attacker to execute arbitrary code as the user running BIND -- often the root user. This problem could affect both recursive and non-recursive DNS servers and does not require the attacker to have control of an authoritative DNS server."