Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 DNS:OVERFLOW:NOOP-RQUERY

Severity

 High

Recommended

 No

Recommended Action

 Drop

Category

 DNS

Keywords

 NOOP In DNS Reverse Query

Release Date

 2011/09/12

Update Number

 1992

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

DNS: NOOP In DNS Reverse Query


This signature detects common "No Operation" (NOOP) command sequences in a DNS query. This is an indication of an exploit attempt.

Extended Description

A buffer overflow exists in certain versions of BIND, the nameserver daemon currently maintained by the Internet Software Consortium (ISC). BIND fails to properly bound the data recieved when processing an inverse query. Upon a memory copy, portions of the program can be overwritten, and arbitrary commands run on the affected host. Exploits for this vulnerability are very widespread, and were posted to the Bugtraq mailing list.

Affected Products

  • BSD BSD/OS 2.0.0
  • BSD BSD/OS 2.0.1
  • BSD BSD/OS 2.1.0
  • Caldera OpenLinux Standard 1.0.0
  • Data General DG/UX 5.4 3.0.0
  • Data General DG/UX 5.4 3.1.0
  • Data General DG/UX 5.4 4.1.0
  • Data General DG/UX 5.4 4.11.0
  • IBM AIX 4.1.0
  • IBM AIX 4.1.1
  • IBM AIX 4.1.2
  • IBM AIX 4.1.3
  • IBM AIX 4.1.4
  • IBM AIX 4.1.5
  • IBM AIX 4.2.0
  • IBM AIX 4.2.1
  • IBM AIX 4.3.0
  • ISC BIND 4.9.6
  • ISC BIND 8.1.0
  • ISC BIND 8.1.1
  • NEC UX/4800 (64)
  • NetBSD 1.0.0
  • NetBSD 1.1.0
  • NetBSD 1.2.0
  • NetBSD 1.2.1
  • NetBSD 1.3.0
  • NetBSD 1.3.1
  • Red Hat Linux 4.0.0
  • Red Hat Linux 4.1.0
  • Red Hat Linux 4.2.0
  • Red Hat Linux 5.0.0
  • SCO Open Desktop 3.0.0
  • SCO Open Server 5.0.0
  • SCO Unixware 2.1.0
  • SCO Unixware 7.0.0
  • SGI IRIX 3.2.0
  • SGI IRIX 3.3.0
  • SGI IRIX 3.3.1
  • SGI IRIX 3.3.2
  • SGI IRIX 3.3.3
  • SGI IRIX 4.0.0
  • SGI IRIX 4.0.1
  • SGI IRIX 4.0.1 T
  • SGI IRIX 4.0.2
  • SGI IRIX 4.0.3
  • SGI IRIX 4.0.4
  • SGI IRIX 4.0.4 B
  • SGI IRIX 4.0.4 T
  • SGI IRIX 4.0.5
  • SGI IRIX 4.0.5 A
  • SGI IRIX 4.0.5 D
  • SGI IRIX 4.0.5 E
  • SGI IRIX 4.0.5 F
  • SGI IRIX 4.0.5 G
  • SGI IRIX 4.0.5 H
  • SGI IRIX 4.0.5 (IOP)
  • SGI IRIX 4.0.5 IPR
  • SGI IRIX 5.0.0
  • SGI IRIX 5.0.1
  • SGI IRIX 5.1.0
  • SGI IRIX 5.1.1
  • SGI IRIX 5.2.0
  • SGI IRIX 5.3.0
  • SGI IRIX 5.3.0 XFS
  • SGI IRIX 6.0.0
  • SGI IRIX 6.0.1
  • SGI IRIX 6.0.1 XFS
  • SGI IRIX 6.1.0
  • SGI IRIX 6.2.0
  • SGI IRIX 6.3.0
  • Sun Solaris 2.3
  • Sun Solaris 2.4
  • Sun Solaris 2.5
  • Sun Solaris 2.5.1
  • Sun Solaris 2.5.1_ppc
  • Sun Solaris 2.5.1_x86
  • Sun Solaris 2.5_x86
  • Sun Solaris 2.6
  • Sun Solaris 2.6_x86

References

  • BugTraq: 134
  • CVE: CVE-1999-0009

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out