Intrusion Prevention

ISC.BIND.NXT.Overflow

Description

This vulnerability affects the BIND DNS server. Some versions of BIND fail to properly validate NXT records. This improper validation could allow an intruder to overflow a buffer and execute arbitrary code with the privileges of the name server (usually root). NXT record support was introduced in BIND version 8.2. Prior versions of BIND, including 4.x, are not vulnerable to this problem.

Affected Products

ISC, BIND, 8.2.1
ISC, BIND, 8.2

Impact

Attackers can execute arbitrary code with the privileges of the BIND process.

Recommended Actions

Update to BIND version 8.2.2 or newer.

CVE References

CVE-1999-0833