remote root compromise in bind8

ID SUSE-SA:2001:03
Type suse
Reporter Suse
Modified 2000-01-30T23:40:00


bind-8.x in all versions of the SuSE distributions contain a bug in the transaction signature handling code that can allow to remotely over- flow a buffer and thereby execute arbitrary code as the user running the nameserver (this is user named by default on SuSE systems). In addition to this bug, another problem allows for a remote attacker to collect information about the running bind process (this has been found by Claudio Musmarra <a9605121@xxxxxxxxxxxxxxxxx>). For more information on these bugs, please visit the CERT webpage at and the bind bugs webpage at ;.