BIND is a server program that implements the Domain Name Service (DNS) protocol. It is in extremely wide use on the Internet and runs on most DNS servers. Version 4 of BIND contains a stack overflow that may be exploitable by remote attackers. The vulnerability is due to unsafe use of the sprintf() function to construct an error message. An attacker who controls a DNS server can exploit this vulnerability, and may be able to execute shellcode with the privileges of named (typically root).
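The class of defect described above, shown next to its bounded form. This is an added example, not BIND's code: the function names, the 64-byte buffer size and the message text are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MSG_MAX 64  /* assumed size of the fixed error-message buffer */

/* Unsafe pattern, shown for comparison only and never compiled here:
 * sprintf() writes as many bytes as the name needs and ignores the
 * size of the destination.
 *
 *     char msg[MSG_MAX];
 *     sprintf(msg, "lookup error for name '%s'", name);
 */

/* Bounded form. Returns 0 if the whole message fit, 1 if it was
 * truncated (dst is still NUL-terminated), -1 on bad arguments or error. */
int format_name_error(char *dst, size_t dst_len, const char *name)
{
    int n;
    if (dst == NULL || dst_len == 0 || name == NULL)
        return -1;
    n = snprintf(dst, dst_len, "lookup error for name '%s'", name);
    if (n < 0) {
        dst[0] = '\0';
        return -1;
    }
    return (size_t)n >= dst_len ? 1 : 0;
}

/* Self-check on constructed input: a 255-byte name (the DNS maximum)
 * must be truncated and must leave the guard bytes after the buffer intact. */
int oversized_name_is_contained(void)
{
    struct { char msg[MSG_MAX]; unsigned char guard[8]; } f;
    char name[256];
    size_t i;
    memset(name, 'A', sizeof name - 1);
    name[sizeof name - 1] = '\0';
    memset(f.guard, 0xA5, sizeof f.guard);
    if (format_name_error(f.msg, sizeof f.msg, name) != 1) return 0;
    if (strlen(f.msg) != MSG_MAX - 1) return 0;
    for (i = 0; i < sizeof f.guard; i++)
        if (f.guard[i] != 0xA5) return 0;
    return 1;
}

int main(void)
{
    printf("contained: %d\n", oversized_name_is_contained());
    return 0;
}
```

Callers should treat a return value of 1 as a signal to log the truncation rather than silently accept a cut-off message.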