Infoleak

Summary: 
It is possible to construct a inverse query that allows the stack to be read, remotely exposing environment variables.
CVE: 
CVE-2001-0012
CERT: 
VU#325431
Posting date: 
29 Jan 2001
Program Impacted: 
BIND
Versions affected: 
4.8 - 4.9.7, 8.1 - prerelease versions of 8.2.2
Severity: 
Medium
Exploitable: 
Remotely
Description: 

There is a vulnerability in ISC BIND that allows a remote attacker to access the program stack, possibly exposing program and/or environment variables. This vulnerability affects both BIND 4 and BIND 8, and can be triggered by sending a specially formatted query to vulnerable BIND servers. p. This vulnerability may allow attackers to read information from the program stack, possibly exposing environment variables.

Workarounds: 

None.

Active exploits: 
None known at this time.
Solution: 

Upgrade to BIND 8.2.3 or later.

Share this