Info

Disclosure

Jan 25, 2005

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

A remote overflow exists in BIND. The q_usedns can be overrun resulting in a buffer overflow. With a specially crafted request, an attacker can cause a denial of service resulting in a loss of availability.

Classification

Location: Remote/Network Access Required
Attack Type: Denial of Service, Input Manipulation
Impact: Loss of Availability
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

Upgrade to version 8.4.6 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

ISC	BIND	8.4.5
		8.4.4

References

Security Tracker: 1012996
Secunia Advisory ID: 14009 14330 18291
CVE ID: 2005-0033 (see also: NVD)
CERT VU: 327633
Other Advisory URL: ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.1/SCOSA-2006.1.txt http://www.astaro.org/showflat.php?Cat=&Number=55637&page=0&view=collapsed&sb=5&o ......
Vendor Specific Advisory URL: http://www.isc.org/sw/bind/bind-security.php

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/36218