GEN:SID 1:261
Message DNS EXPLOIT named overflow attempt
Summary This event is generated by an attempted buffer overflow associated with incorrect validation of NXT records.
Impact Severe. The DNS server can be compromised allowing the attacker access with the privileges of the user running BIND.  This attack is sometimes referred to as ADMROCKS because a subdirectory named ADMROCKS is placed in the directory associated with BIND software.
Detailed Information Improper validation of DNS NXT records may allow an attacker to perform a buffer overflow.  This can allow execution of arbitrary code with the privileges of the user running BIND.
Affected Systems BIND versions 8.2 up to, but not including, 8.2.2.
Attack Scenarios An attacker can launch this exploit to gain remote access to the DNS server.
Ease of Attack Simple.  Code exists to exploit the buffer overflow.
Corrective Action Upgrade to a version of BIND 8.2.2, or greater or patch vulnerable versions of BIND.
Additional References CERT:
http://www.cert.org/advisories/CA-1999-14.html

CVE:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0833

Bugtraq:
http://www.securityfocus.com/bid/788

Rule References url: www.cert.org/advisories/CA-1998-05.html