BIND is a server program that implements the Domain Name System (DNS) protocol. It is in extremely wide use on the Internet and runs on most DNS servers. Version 4 of BIND contains a format string vulnerability that may be exploitable by remote attackers. The flaw is in the nslookupComplain() function, which builds an error message and logs it via syslog(). If an attacker controls a DNS server, this vulnerability may be exploitable, and the attacker may be able to execute shellcode with the privileges of named (typically root).
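The bug class described above, shown as an added C illustration that is not BIND's source code: a message built from remote-supplied text is safe only when syslog() receives it as data under a constant format. The function names, the message wording, and the `SHOW_UNSAFE` switch are hypothetical, and the sample name is constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <syslog.h>

#define MSG_MAX 256

/* Build the complaint text. remote_name is untrusted (it arrived in a DNS
 * response), so it is only ever an ARGUMENT to a fixed format. Non-printable
 * bytes become '?' so a name cannot inject extra log lines.
 * Returns the length of the text stored in out. */
size_t build_complaint(char *out, size_t outsz, const char *remote_name)
{
    char clean[128];
    size_t i;

    if (outsz == 0)
        return 0;
    for (i = 0; remote_name[i] != '\0' && i < sizeof clean - 1; i++)
        clean[i] = isprint((unsigned char)remote_name[i]) ? remote_name[i] : '?';
    clean[i] = '\0';
    snprintf(out, outsz, "complaint about server %s", clean);
    return strlen(out);
}

#ifdef SHOW_UNSAFE
/* Unsafe pattern (compiled only on request): the finished message is passed
 * as the format string, so '%' directives inside remote_name are interpreted. */
void complain_unsafe(const char *remote_name)
{
    char msg[MSG_MAX];
    build_complaint(msg, sizeof msg, remote_name);
    syslog(LOG_INFO, msg);
}
#endif

/* Hardened pattern: constant format string, message passed as data. */
size_t complain_safe(const char *remote_name)
{
    char msg[MSG_MAX];
    size_t n = build_complaint(msg, sizeof msg, remote_name);
    syslog(LOG_INFO, "%s", msg);
    return n;
}

int main(void)
{
    /* Constructed sample: the directives are logged literally. */
    return complain_safe("ns1.example.test.%x%n") > 0 ? 0 : 1;
}
```

Building with `-Wformat -Wformat-security` makes the compiler flag calls shaped like `complain_unsafe()`.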