GEN:SID | 1:261 |
Message | DNS EXPLOIT named overflow attempt |
Summary | This event is generated by an attempted buffer overflow associated with incorrect validation of NXT records.
|
Impact | Severe. The DNS server can be compromised, allowing the attacker access with the privileges of the user running BIND. This attack is sometimes referred to as ADMROCKS because a subdirectory named ADMROCKS is placed in the directory associated with the BIND software.
|
Detailed Information | Improper validation of DNS NXT records may allow an attacker to perform a buffer overflow. This can allow execution of arbitrary code with the privileges of the user running BIND.
|
Affected Systems | BIND versions 8.2 up to, but not including, 8.2.2.
|
Attack Scenarios | An attacker can launch this exploit to gain remote access to the DNS server.
|
Ease of Attack | Simple. Code exists to exploit the buffer overflow.
|
Corrective Action | Upgrade to BIND version 8.2.2 or later, or patch vulnerable versions of BIND.
|
Additional References | CERT: http://www.cert.org/advisories/CA-1999-14.html
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0833
Bugtraq: http://www.securityfocus.com/bid/788
|
Rule References | url: www.cert.org/advisories/CA-1998-05.html
|