Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » TurboLinux Security Announcement #TLSA2001004-1

TurboLinux Security Announcement #TLSA2001004-1

by Phiber on February 25th, 2001 Package: Bind
Vulnerable Packages: All versions previous to 8.2.3
Two vulnerabilities have been discovered in ISC BIND 8.


1. Problem Summary(From the CERT/CC, CERT Advisory CA-2001-02)


a) ISC BIND 8 contains a buffer overflow in transaction signature (TSIG) handling code.



During the processing of a transaction signature (TSIG), BIND 8 checks for the presence of TSIGs that fail to include a valid key. If such a TSIG is found, BIND skips normal processing of the request and jumps
directly to code designed to send an error response. Because the error-
handling code initializes variables differently than in normal processing
it invalidates the assumptions that later function calls make about the
size of the request buffer.



Once these assumptions are invalidated, the code that adds a new (valid)
signature to the responses may overflow the request buffer and overwrite
adjacent memory on the stack or the heap. When combined with other buffer
overflow exploitation techniques, an attacker can gain unauthorized
privileged access to the system, allowing the execution of arbitrary code.



Impact: This vulnerability may allow an attacker to execute code with the same
privileges as the BIND server. Because BIND is typically run by a superuser account, the execution would occur with superuser privileges.




b) Queries to ISC BIND servers may disclose environment variables


This vulnerability is an information leak in the query processing code of BIND 8 that allows a remote attacker to access the program stack, possibly exposing program and/or environment variables. This vulnerability is triggered by sending a specially formatted query to vulnerable BIND servers.



Impact:This vulnerability may allow attackers to read information from the
program stack, possibly exposing environment variables.



Solution can be found in the whole advisory.


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »