Among BIND, there were several other vulnerabilities this week. "Buffer-overflow problems have been found in versions 4 and 8 of BIND, a domain-name-system daemon distributed by the Internet Software Consortium (ISC). This vulnerability has wide implications as most sites on the Internet use one of these versions of BIND, the Berkeley Internet Name Domain, to provide DNS resolution.
BIND version 8 (prior to version 8.2.3) has a bug in the signature-transaction code that could allow an attacker to execute arbitrary code as the user running BIND -- often the root user. This problem could affect both recursive and non-recursive DNS servers and does not require the attacker to have control of an authoritative DNS server."
