Signature Detail

DNS: Red Hat Enterprise Linux DNS Resolver Buffer Overflow

This signature detects attempts to exploit a known vulnerability against DNS stub resolver library in ISC BIND. A successful attack can lead to arbitrary code execution.

Extended Description

ISC BIND (Berkeley Internet Name Domain) is vulnerable to a buffer overflow condition. The vulnerability exists in the DNS stub resolver library in ISC BIND. The BIND 4 resolver library contains buffer overflows in functions that are responsible for network name and address requests. The consequences of this vulnerability will be highly dependant on the details of individual applications using libc. It is likely that exploitation will allow a malicious DNS server to execute arbitrary code with privileges of the vulnerable process. Under some conditions, this may grant an attacker local access, possibly as a privileged user.

Affected Products

• Astaro Security Linux 2.0.0 16
• Astaro Security Linux 2.0.0 23
• Astaro Security Linux 2.0.0 24
• Astaro Security Linux 2.0.0 25
• Astaro Security Linux 2.0.0 26
• Astaro Security Linux 2.0.0 27
• Astaro Security Linux 2.0.0 30
• Astaro Security Linux 3.2.0 00
• Astaro Security Linux 3.2.0 10
• Astaro Security Linux 3.2.0 11
• Avaya Converged Communications Server 2.0.0
• Avaya Intuity LX
• Avaya S8300 R2.0.0
• Avaya S8300 R2.0.1
• Avaya S8500 R2.0.0
• Avaya S8500 R2.0.1
• Avaya S8700 R2.0.0
• Avaya S8700 R2.0.1
• Compaq Tru64 4.0.0 f
• Compaq Tru64 4.0.0 f PK6 (BL17)
• Compaq Tru64 4.0.0 f PK7 (BL18)
• Compaq Tru64 4.0.0 g
• Compaq Tru64 4.0.0 g PK3 (BL17)
• Compaq Tru64 5.0.0 a
• Compaq Tru64 5.0.0 a PK3 (BL17)
• Compaq Tru64 5.1.0
• Compaq Tru64 5.1.0 a
• Compaq Tru64 5.1.0 a PK1 (BL1)
• Compaq Tru64 5.1.0 a PK2 (BL2)
• Compaq Tru64 5.1.0 a PK3 (BL3)
• Compaq Tru64 5.1.0 B
• Compaq Tru64 5.1.0 b PK1 (BL1)
• Compaq Tru64 5.1.0 PK3 (BL17)
• Compaq Tru64 5.1.0 PK4 (BL18)
• Compaq Tru64 5.1.0 PK5 (BL19)
• GNU glibc 2.2.0
• GNU glibc 2.2.5
• HP HP-UX 10.10.0
• HP HP-UX 10.20.0
• HP HP-UX 11.0.0
• HP HP-UX 11.0.0 4
• HP HP-UX 11.11.0
• IBM AIX 4.3.3
• IBM AIX 5.1
• IBM AIX 5.2
• ISC BIND 4.9.10
• ISC BIND 4.9.2
• ISC BIND 4.9.3
• ISC BIND 4.9.4
• ISC BIND 4.9.5
• ISC BIND 4.9.6
• ISC BIND 4.9.7
• ISC BIND 4.9.8
• ISC BIND 4.9.9
• Red Hat Advanced Workstation for the Itanium Processor 2.1.0
• Red Hat Advanced Workstation for the Itanium Processor 2.1.0 IA64
• Red Hat Enterprise Linux AS 2.1
• Red Hat Enterprise Linux AS 2.1 IA64
• Red Hat Enterprise Linux ES 2.1
• Red Hat Enterprise Linux ES 2.1 IA64
• Red Hat Enterprise Linux WS 2.1
• Red Hat Enterprise Linux WS 2.1 IA64
• SGI IRIX 6.5.0
• SGI IRIX 6.5.1
• SGI IRIX 6.5.10
• SGI IRIX 6.5.11
• SGI IRIX 6.5.12
• SGI IRIX 6.5.13
• SGI IRIX 6.5.14
• SGI IRIX 6.5.15
• SGI IRIX 6.5.16
• SGI IRIX 6.5.17
• SGI IRIX 6.5.18
• SGI IRIX 6.5.2
• SGI IRIX 6.5.3
• SGI IRIX 6.5.4
• SGI IRIX 6.5.5
• SGI IRIX 6.5.6
• SGI IRIX 6.5.7
• SGI IRIX 6.5.8
• SGI IRIX 6.5.9
• Sun Solaris 2.5.1
• Sun Solaris 2.5.1_ppc
• Sun Solaris 2.5.1_x86
• Sun Solaris 2.6
• Sun Solaris 2.6_x86
• Xerox DocuPrint NPS/IPS Series 7.x
• Xerox DocuPrint NPS/IPS Series 8.0.0

References

• BugTraq: 6186
• CVE: CVE-2002-0029