Complain bug 1

Summary: 
Buffer overflow in nslookupComplain function in BIND 4 allows remote attackers to gain root privileges
CVE: 
CVE-2001-0011
CERT: 
VU#572183
Posting date: 
29 Jan 2001
Program Impacted: 
BIND
Versions affected: 
4.9.3 - 4.9.7
Severity: 
Serious
Exploitable: 
Remotely
Description: 

A buffer overflow exists in the nslookupComplain() routine.

The vulnerable buffer is a locally defined character array used to build an error message intended for syslog. Attackers attempting to exploit this vulnerability could do so by sending a specially formatted DNS query to affected BIND servers. If properly constructed, this query could be used to disrupt the normal operation of the DNS server process, resulting in either denial of service or the execution of arbitrary code. If an attacker were able to execute code or commands, they would do so with the same privileges as the BIND process, which are typically superuser privileges.
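The bug class described above (an error message assembled in a fixed-size local array from data taken out of a query) is avoided by bounding the write and handling truncation explicitly. The following is an added example, not BIND source code: `format_complaint`, `COMPLAIN_BUFSZ` and the message text are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define COMPLAIN_BUFSZ 64   /* constructed size, not the size used in BIND */

/*
 * Build a log message of the form: <what> for "<name>"
 * The unsafe pattern is an unbounded sprintf() into a local char array,
 * where `name` comes from the network. Here the write is bounded by outsz.
 *
 * Returns 0 if the whole message fit, 1 if it was truncated (the output
 * then ends in "..."), -1 on invalid arguments or a formatting error.
 */
int format_complaint(char *out, size_t outsz, const char *what, const char *name)
{
    int n;

    if (out == NULL || what == NULL || name == NULL || outsz < 4)
        return -1;

    n = snprintf(out, outsz, "%s for \"%s\"", what, name);
    if (n < 0) {
        out[0] = '\0';
        return -1;
    }
    if ((size_t)n >= outsz) {
        /* snprintf already NUL-terminated; mark the cut so logs show it */
        memcpy(out + outsz - 4, "...", 4);   /* copies the trailing NUL too */
        return 1;
    }
    return 0;
}

int main(void)
{
    char buf[COMPLAIN_BUFSZ];
    char longname[300];                       /* constructed oversized input */

    memset(longname, 'a', sizeof longname - 1);
    longname[sizeof longname - 1] = '\0';

    printf("%d %s\n", format_complaint(buf, sizeof buf, "sample complaint", "host.example."), buf);
    printf("%d %s\n", format_complaint(buf, sizeof buf, "sample complaint", longname), buf);
    return 0;
}
```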

Workarounds: 

None.

Active exploits: 
Exploits for this bug exist.
Solution: 

Upgrade to 4.9.8 or later.
