DNS: BIND Version Query
This protocol anomaly is a DNS query for version.bind with the type set to TXT and the class set to CHAOS. BIND servers support the ability to be remotely queried for their versions. This can indicate a reconnaisance attempt; when attackers know the BIND version, they can then attempt to exploit vulnerabilities on the server.
Extended Description
A buffer overflow exists in certain versions of BIND, the nameserver daemon currently maintained by the Internet Software Consortium (ISC). BIND fails to properly bound the data recieved when processing an inverse query. Upon a memory copy, portions of the program can be overwritten, and arbitrary commands run on the affected host. Exploits for this vulnerability are very widespread, and were posted to the Bugtraq mailing list.
Affected Products
Netbsd netbsd
References
BugTraq: 134
CVE: CVE-1999-0009
URL: http://www.juniper.net/security/auto/vulnerabilities/vuln2057.html
Short Name
DNS:QUERY:VERSION-QUERY
Severity
Minor
Recommended
False
Recommended Action
None
Category
DNS
Keywords
CVE-1999-0009 bid:134 bind dns info leak query version
Release Date
01/29/2004
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Red_hat
Sco
Ibm
Sun
Nec
Sgi
Isc
Data_general
Bsd
Caldera
Netbsd
CVSS Score
10.0