DNS: NOOP In DNS Reverse Query
This signature detects common "No Operation" (NOOP) command sequences in a DNS query. This is an indication of an exploit attempt.
Extended Description
A buffer overflow exists in certain versions of BIND, the nameserver daemon currently maintained by the Internet Software Consortium (ISC). BIND fails to properly bound the data recieved when processing an inverse query. Upon a memory copy, portions of the program can be overwritten, and arbitrary commands run on the affected host. Exploits for this vulnerability are very widespread, and were posted to the Bugtraq mailing list.
Affected Products
Netbsd netbsd
Short Name
DNS:OVERFLOW:NOOP-RQUERY
Severity
Major
Recommended
False
Recommended Action
Drop
Category
DNS
Keywords
CVE-1999-0009 DNS In NOOP Query Reverse bid:134
Release Date
09/12/2011
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Red_hat
Sco
Ibm
Sun
Nec
Sgi
Isc
Data_general
Bsd
Caldera
Netbsd
CVSS Score
10.0