Date: Wed, 10 Nov 1999 19:45:53 -0500 From: Mike Tancsa <mike@sentex.net> To: freebsd-security@FreeBSD.ORG Cc: security-officer@FreeBSD.ORG Subject: BIND NXT Bug Vulnerability Message-ID: <4.1.19991110194035.04c62100@granite.sentex.ca>
next in thread | raw e-mail | index | archive | help
I imagine the right people are aware of this, but in case not, can someone commit the relavant patches to STABLE ? ---Mike >Return-Path: owner-bugtraq@SECURITYFOCUS.COM >Received: from vinyl.sentex.ca (vinyl.sentex.ca [209.112.4.14]) by >granite.sentex.net (8.8.8/8.6.9) with ESMTP id RAA20973; Wed, 10 Nov 1999 >17:08:55 -0500 (EST) >Received: from lists.securityfocus.com (lists.securityfocus.com >[207.126.127.68]) > by vinyl.sentex.ca (8.9.3/8.9.3) with ESMTP id RAA81815; > Wed, 10 Nov 1999 17:08:54 -0500 (EST) > (envelope-from owner-bugtraq@SECURITYFOCUS.COM) >Received: from lists.securityfocus.com (lists.securityfocus.com >[207.126.127.68]) > by lists.securityfocus.com (Postfix) with ESMTP > id 28E0D1F452; Wed, 10 Nov 1999 14:00:05 -0800 (PST) >Received: from LISTS.SECURITYFOCUS.COM by LISTS.SECURITYFOCUS.COM > (LISTSERV-TCP/IP release 1.8d) with spool id 1078020 for > BUGTRAQ@LISTS.SECURITYFOCUS.COM; Wed, 10 Nov 1999 13:57:41 -0800 >Approved-By: aleph1@SECURITYFOCUS.COM >Delivered-To: bugtraq@lists.securityfocus.com >Received: from securityfocus.com (securityfocus.com [207.126.127.66]) by > lists.securityfocus.com (Postfix) with SMTP id 5434C1EEB7 for > <bugtraq@lists.securityfocus.com>; Wed, 10 Nov 1999 13:55:25 -0800 > (PST) >Received: (qmail 21608 invoked by alias); 10 Nov 1999 21:55:25 -0000 >Delivered-To: bugtraq@securityfocus.com >Received: (qmail 21605 invoked by uid 101); 10 Nov 1999 21:55:25 -0000 >Mime-Version: 1.0 >Content-Type: text/plain; charset=us-ascii >X-Mailer: Mutt 1.0pre3i >Message-ID: <19991110135525.A21417@securityfocus.com> >Date: Wed, 10 Nov 1999 13:55:25 -0800 >Reply-To: aleph1@SECURITYFOCUS.COM >Sender: Bugtraq List <BUGTRAQ@SECURITYFOCUS.COM> >From: Elias Levy <aleph1@SECURITYFOCUS.COM> >Subject: BIND NXT Bug Vulnerability >X-To: bugtraq@securityfocus.com >To: BUGTRAQ@SECURITYFOCUS.COM >X-UIDL: b701b883efa18881267af4a91d6d1eb7 > >http://www.isc.org/products/BIND/bind-security-19991108.html > > >Name: "nxt bug" > > Versions affected: 8.2, 8.2 patchlevel 1, 8.2.1 > Severity: CRITICAL > Exploitable: Remotely > Type: Access possible > >Description: > > A bug in the processing of NXT records can theoretically allow an > attacker to gain access to the system running the DNS server at > whatever privilege level the DNS server runs at. > >Workarounds: > > None. > >Active Exploits: > > At this time, ISC is unaware of any active exploits of this > vulnerability however given the potential access this vulnerability > represents, it is probable scripts will be created in the near future > that make use of this vulnerability. > >-- >Elias Levy >Security Focus >http://www.securityfocus.com/ ********************************************************************** Mike Tancsa, Network Admin * mike@sentex.net Sentex Communications Corp, * http://www.sentex.net/mike Cambridge, Ontario * 01.519.651.3400 Canada * To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4.1.19991110194035.04c62100>