4 more vulnerabilities were found in BIND. They are starting to catch up with wu-ftp.
Versions 4.9.x prior to 4.9.8 and 8.2.x prior to 8.2.3 are affected. None of the 9.x series seem to be affected. The 4 vulnerabilities are:
- ISC BIND 8 contains buffer overflow in transaction signature (TSIG) handling code
- ISC BIND 4 contains buffer overflow in nslookupComplain()
- ISC BIND 4 contains input validation error in nslookupComplain()
- Queries to ISC BIND servers may disclose environment variables
The full advisory is available here: http://www.cert.org/advisories/CA-2001-02.html
Please upgrade!
Quote:
Since 1997, the CERT/CC has published twelve documents describing vulnerabilities or exploitation of vulnerabilities in BIND with information and advice on upgrading and preventing compromises. Unfortunately, many system and network administrators still have not upgraded their versions of BIND, making them susceptible to a number of vulnerabilities. Prior vulnerabilities in BIND have been widely exploited by intruders.
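To find the servers that still need the upgrade, the version ranges given above can be applied to an inventory of collected BIND version strings. The following is an added example, not part of the original post or the CERT advisory; the hostnames and banners are constructed, and treating a `-T…` suffix as a test release that precedes the final 8.2.3 is an assumption.

```python
import re

# First fixed patch level per affected branch, as stated in the post:
# 4.9.x prior to 4.9.8 and 8.2.x prior to 8.2.3.
FIRST_FIXED = {(4, 9): 8, (8, 2): 3}

VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?(?:-([A-Za-z0-9]+))?")
# Assumption: a suffix such as T9B marks a test release that precedes the final one.
TEST_RELEASE_RE = re.compile(r"T\d+[A-Z]?$", re.IGNORECASE)


def classify(banner):
    """Classify one version string against the ranges given in the post."""
    m = VERSION_RE.search(banner)
    if m is None:
        return "unparsed"  # hidden or customised banner: check the host by hand
    major, minor, patch = int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)
    suffix = m.group(4) or ""
    if major == 9:
        return "not affected"  # the post reports no affected 9.x versions
    fixed = FIRST_FIXED.get((major, minor))
    if fixed is None:
        return "not listed"  # the post makes no statement about this branch
    if patch < fixed:
        return "affected"
    if patch == fixed and TEST_RELEASE_RE.match(suffix):
        return "affected"  # pre-release of the fixed version (assumption above)
    return "not affected"


def audit(inventory):
    """Map each host to its classification."""
    return {host: classify(banner) for host, banner in inventory.items()}


# Constructed sample inventory: hostnames and banners are made up.
SAMPLE = {
    "ns1.example.test": "8.2.2-P5",
    "ns2.example.test": "8.2.3-REL",
    "ns3.example.test": "4.9.7-REL",
    "ns4.example.test": "BIND 9.1.0",
    "ns5.example.test": "surely you must be joking",
}

if __name__ == "__main__":
    for host, verdict in audit(SAMPLE).items():
        print(f"{host:18} {SAMPLE[host]:28} {verdict}")
```

Hosts reported as `unparsed` or `not listed` are not cleared by this check and need to be looked at individually.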