GEN:SID | 1:258 |
Message | DNS EXPLOIT named 8.2->8.2.1 |
Summary | This event is generated when an exploit that targets vulnerabilities in BIND 8.2 and 8.2.1 ("ADM named exploit 8.2/8.2.1") is executed against a local DNS server.
|
Impact | Severe. Remote code execution with the privileges of the BIND DNS daemon (named).
|
Detailed Information | BIND is DNS server software shipped with a number of UNIX and Linux-based operating systems. Attackers can exploit multiple vulnerabilities in BIND versions 8.2 through 8.2.1 to obtain remote shell access. This lets the attacker execute arbitrary code from the command shell with the privileges of the BIND DNS daemon (named). If named is running as root, the attacker automatically obtains root privileges on the system.
|
Affected Systems | Any operating system running a BIND version below 8.2.2.
|
Attack Scenarios | An attacker executes an exploit script against a vulnerable server, obtaining shell access to the compromised machine. If named is running as root, the attacker automatically obtains root privileges on the server. Otherwise, the attacker can execute arbitrary code with the privileges of named, which can lead to remote root compromise.
|
Ease of Attack | Simple. An exploit exists.
|
Corrective Action | Upgrade to BIND 8.2.2 or higher.
|
Additional References | |
Rule References | bugtraq: 788
cve: 1999-0833
|