{"vuid":"VU#327633","idnumber":"327633","name":"BIND 8.4.4 and 8.4.5 vulnerable to buffer overflow in q_usedns","keywords":["bind","buffer overflow"],"overview":"A vulnerability in the BIND name server could allow a remote attacker to cause a denial of service against an affected system.","clean_desc":"The Berkeley Internet Name Domain (BIND) is a popular Domain Name System (DNS) implementation from Internet Systems Consortium (ISC). A buffer overflow error exists in the handling of the q_usedns array used by the server to track nameservers and addresses that have been queried. This vulnerability only affects BIND versions 8.4.4 and 8.4.5.","impact":"A remote attacker may be able to cause the name server daemon to crash, thereby causing a denial of service for DNS operations.","resolution":"Apply a patch from the vendor: Patches have been released in response to this issue. Please see the Systems Affected section of this document. Upgrade: Users who compile their own versions of BIND from the original ISC source code are encouraged to upgrade to BIND version 8.4.6, which includes a patch for this issue.","workarounds":"ISC recommends that users who are unable to apply the patch disable recursion and glue fetching.","sysaffected":"","thanks":"Thanks to Joao Damas of the Internet Systems Consortium for reporting this vulnerability.","author":"This document was written by Chad Dougherty based on information provided by ISC.","public":["http://www.isc.org/sw/bind/bind-security.php","http://www.niscc.gov.uk/niscc/docs/al-20050125-00059.html?lang=en"],"cveids":["CVE-2005-0033"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2005-01-10T14:59:12Z","publicdate":"2005-01-25T00:00:00Z","datefirstpublished":"2005-01-25T21:19:16Z","dateupdated":"2005-03-18T16:36:10Z","revision":24,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"19","cam_population":"10","cam_impact":"3","cam_easeofexploitation":"5","cam_attackeraccessrequired":"20","cam_scorecurrent":"1.9125","cam_scorecurrentwidelyknown":"2.19375","cam_scorecurrentwidelyknownexploited":"3.31875","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":1.9125,"vulnote":null}