BIND: q_usedns array overrun

Summary: 
A buffer overflow can cause the server to exit.
CVE: 
CVE-2005-0033
CERT: 
VU#327633
Posting date: 
25 Jan 2005
Program Impacted: 
BIND
Versions affected: 
8.4.4 and 8.4.5
Severity: 
Low
Exploitable: 
Remotely
Description: 

It is possible to overrun the q_usedns array which is used to track nameservers / addresses that have been queried.

Workarounds: 

Disable the functions that cause BIND to query other servers, namely recursion and the fetching of glue records.

Active exploits: 
None known at this time.
Solution: 

Upgrade to BIND 8.4.6 or later.

Share this