Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:261 |
Message | DNS EXPLOIT named overflow attempt |
Summary | This event is generated when an attempt is made to exploit a buffer overflow associated with incorrect validation of NXT records. |
Impact | Severe. The DNS server can be compromised, allowing the attacker access with the privileges of the user running BIND. This attack is sometimes referred to as ADMROCKS because a subdirectory named ADMROCKS is placed in the directory associated with the BIND software. |
Detailed Information | Improper validation of DNS NXT records may allow an attacker to perform a buffer overflow. This can allow execution of arbitrary code with the privileges of the user running BIND. |
Affected Systems | BIND versions 8.2 up to, but not including, 8.2.2. |
Attack Scenarios | An attacker can launch this exploit to gain remote access to the DNS server. |
Ease of Attack | Simple. Code exists to exploit the buffer overflow. |
Corrective Action | Upgrade to BIND version 8.2.2 or greater, or patch vulnerable versions of BIND. |
Additional References | CERT: http://www.cert.org/advisories/CA-1999-14.html; CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0833; Bugtraq: http://www.securityfocus.com/bid/788 |
Rule References | url: www.cert.org/advisories/CA-1998-05.html |
--
DID:519246