{"vuid":"VU#852283","idnumber":"852283","name":"Cached malformed SIG record buffer overflow","keywords":["BIND","resolver","buffer overflow"],"overview":"A vulnerability in BIND allows remote attackers to execute code with the privileges of the process running named. This vulnerability is resolved in BIND versions 4.9.11, 8.2.7, 8.3.4, and BIND 9.","clean_desc":"A remotely exploitable buffer overflow exists in named. An attacker using malformed SIG records can exploit this vulnerability against a nameserver with recursion enabled. The overflow occurs when the nameserver constructs responses to recursive requests using the malformed SIG records, leading to arbitrary code execution as the named uid, typically root. As was the case with a previous issue affecting named and NXT records (CA-1999-14, VU#16532), a malicious server must reply to a forwarded request from a recursive nameserver in order to exploit the vulnerability. However, as with the NXT record exploit, a full-service nameserver is not required, only a service replying to a legitimate victim nameserver request. 
The following versions of BIND are affected:\n- BIND versions 4.9.5 to 4.9.10\n- BIND versions 8.1, 8.2 to 8.2.6, and 8.3.0 to 8.3.3","impact":"A remote attacker could execute arbitrary code on the nameserver with the privileges of the named uid, typically root.","resolution":"Upgrade to BIND 4.9.11, BIND 8.2.7, BIND 8.3.4, or BIND 9.","workarounds":"One interim workaround is to disable recursion on vulnerable servers.","sysaffected":"","thanks":"Thanks to ISS for reporting this vulnerability.","author":"This document was written by Jason A Rafail.","public":["http://www.secunia.com/advisories/9856/"],"cveids":["CVE-2002-1219"],"certadvisory":"CA-2002-31","uscerttechnicalalert":null,"datecreated":"2002-11-11T23:56:17Z","publicdate":"2002-11-11T00:00:00Z","datefirstpublished":"2002-11-13T22:45:38Z","dateupdated":"2004-10-18T14:58:52Z","revision":18,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"5","cam_exploitation":"0","cam_internetinfrastructure":"19","cam_population":"15","cam_impact":"20","cam_easeofexploitation":"15","cam_attackeraccessrequired":"15","cam_scorecurrent":"30.375","cam_scorecurrentwidelyknown":"49.359375","cam_scorecurrentwidelyknownexploited":"74.671875","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":30.375,"vulnote":null}