Here is an information bulletin that was issues by CIAC last Tuesday. It covers a BIND buffer overflow that exists in 8.2, 8.2.1 and 8.2.2. Here CIAC explains how the exploit works, "The exploit requires two systems to be . . .
Here is an information bulletin that was issues by CIAC last Tuesday. It covers a BIND buffer overflow that exists in 8.2, 8.2.1 and 8.2.2. Here CIAC explains how the exploit works, "The exploit requires two systems to be successful. The first is a DNS server that will have an altered DNS table. The second machine is where the attack will take place."

Intruders alter a valid DNS server's (we will call this box [SERVER 1]) lookup table to point toward their computer [HACKER.COM] as the Authoritative Name Server for that domain. Intruders then prompt your DNS server to resolve [HACKER.COM]. [SERVER 1] passes the information back to your DNS server for the Authoritative Name Server for . Your DNS server then goes to [HACKER.COM] looking to complete the query. Once your DNS server queries [HACKER.COM] for resolution, BIND runs and the buffer overflow condition occurs.

Once the buffer overflow is executed, the following command is executed in the source code obtained by CIAC: cd /; uname -a; pwd; id;. The named service will crash as a result of the buffer overflow.

The link for this article located at CIAC is no longer available.