• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

ISC BIND DNS Resolver Buffer Overflow Vulnerability

ISC BIND (Berkeley Internet Name Domain) is vulnerable to a buffer overflow condition.

The vulnerability exists in the DNS stub resolver library in ISC BIND. The BIND 4 resolver library contains buffer overflows in functions that are responsible for network name and address requests.

The consequences of this vulnerability will be highly dependant on the details of individual applications using libc. It is likely that exploitation will allow a malicious DNS server to execute arbitrary code with privileges of the vulnerable process. Under some conditions, this may grant an attacker local access, possibly as a privileged user.