Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 DNS:OVERFLOW:SIG-OVERFLOW

Severity

 Critical

Recommended

 No

Recommended Action

 Drop Packet

Category

 DNS

Keywords

 dns sig overflow

Release Date

 2004/01/29

Update Number

 1213

Supported Platforms

 di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

DNS: BIND SIG Overflow


This protocol anomaly is a TCP-based DNS transaction with a suspiciously small SIG resource record. Bind versions 8 to 8.3.3 are vulnerable to a heap overflow in the code that handles SIG resource records. Attackers can execute arbitrary code on the server.

Extended Description

It has been reported that DNS servers, running BIND with recursive DNS functionality enabled, are prone to a buffer overflow condition. An attacker-controlled authoritative DNS server may cause BIND to cache information into an internal database, when recursion is enabled. A buffer overflow vulnerability exists when the DNS server constructs a response to a client request for cached information. Exploitation of this issue could result in the execution of arbitrary attacker-supplied code with the privileges of the vulnerable BIND daemon. It should be noted that recursive DNS functionality is enabled by default.

Affected Products

  • Apple Mac OS X 10.0.0
  • Apple Mac OS X 10.1.0
  • Apple Mac OS X 10.2.0
  • Astaro Security Linux 2.0.0 16
  • Astaro Security Linux 2.0.0 23
  • Astaro Security Linux 2.0.0 24
  • Astaro Security Linux 2.0.0 25
  • Astaro Security Linux 2.0.0 26
  • Astaro Security Linux 2.0.0 27
  • Astaro Security Linux 2.0.0 30
  • Astaro Security Linux 3.2.0 00
  • Astaro Security Linux 3.2.0 10
  • Astaro Security Linux 3.2.0 11
  • Compaq Tru64 4.0.0 f
  • Compaq Tru64 4.0.0 f PK6 (BL17)
  • Compaq Tru64 4.0.0 f PK7 (BL18)
  • Compaq Tru64 4.0.0 g
  • Compaq Tru64 4.0.0 g PK3 (BL17)
  • Compaq Tru64 5.0.0 a
  • Compaq Tru64 5.0.0 a PK3 (BL17)
  • Compaq Tru64 5.1.0
  • Compaq Tru64 5.1.0 a
  • Compaq Tru64 5.1.0 a PK1 (BL1)
  • Compaq Tru64 5.1.0 a PK2 (BL2)
  • Compaq Tru64 5.1.0 a PK3 (BL3)
  • Compaq Tru64 5.1.0 B
  • Compaq Tru64 5.1.0 b PK1 (BL1)
  • Compaq Tru64 5.1.0 PK3 (BL17)
  • Compaq Tru64 5.1.0 PK4 (BL18)
  • Compaq Tru64 5.1.0 PK5 (BL19)
  • FreeBSD 4.4.0
  • FreeBSD 4.5.0
  • FreeBSD 4.6.0
  • FreeBSD 4.7.0
  • HP HP-UX 10.10.0
  • HP HP-UX 10.20.0
  • HP HP-UX 10.24.0
  • HP HP-UX 11.0.0
  • HP HP-UX 11.0.0 4
  • HP HP-UX 11.11.0
  • HP HP-UX 11.22.0
  • ISC BIND 4.9.0
  • ISC BIND 4.9.10
  • ISC BIND 4.9.10 OW2
  • ISC BIND 4.9.3
  • ISC BIND 4.9.4
  • ISC BIND 4.9.5
  • ISC BIND 4.9.6
  • ISC BIND 4.9.7
  • ISC BIND 4.9.8
  • ISC BIND 4.9.9
  • ISC BIND 8.2.0
  • ISC BIND 8.2.1
  • ISC BIND 8.2.2
  • ISC BIND 8.2.3
  • ISC BIND 8.2.4
  • ISC BIND 8.2.5
  • ISC BIND 8.2.6
  • ISC BIND 8.3.0 .0
  • ISC BIND 8.3.1
  • ISC BIND 8.3.2
  • ISC BIND 8.3.3
  • OpenBSD 3.0
  • OpenBSD 3.1
  • OpenBSD 3.2
  • Openwall Openwall GNU/*/Linux (Owl)-Current
  • SCO Open Server 5.0.5
  • SCO Open Server 5.0.6
  • SCO Open Server 5.0.7
  • SGI IRIX 6.5.0
  • SGI IRIX 6.5.1
  • SGI IRIX 6.5.10
  • SGI IRIX 6.5.11
  • SGI IRIX 6.5.12
  • SGI IRIX 6.5.13
  • SGI IRIX 6.5.14
  • SGI IRIX 6.5.15
  • SGI IRIX 6.5.16
  • SGI IRIX 6.5.17
  • SGI IRIX 6.5.18
  • SGI IRIX 6.5.2
  • SGI IRIX 6.5.3
  • SGI IRIX 6.5.4
  • SGI IRIX 6.5.5
  • SGI IRIX 6.5.6
  • SGI IRIX 6.5.7
  • SGI IRIX 6.5.8
  • SGI IRIX 6.5.9
  • Sun Cobalt RaQ XTR
  • Sun Solaris 7.0
  • Sun Solaris 7.0_x86
  • Sun Solaris 8 Sparc
  • Sun Solaris 8 X86
  • Sun Solaris 9 Sparc
  • Sun Solaris 9 X86

References

  • BugTraq: 6160
  • CERT: CA-2002-31
  • CVE: CVE-2002-1219

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out