Vulnerabilities > CVE-1999-0009

CVSS 10.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
data-general
isc
sgi
bsdi
caldera
ibm
nec
netbsd
redhat
sco
sun
critical
nessus
exploit available

Summary

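Inverse query buffer overflow in BIND 4.9 and BIND 8 releases. Per the Nessus version check listed on this page, BIND versions earlier than 4.9.7 and 8.1.2 are treated as affected, and the stated fix is to upgrade to BIND 8.1.2 or 4.9.7 or newer.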

Exploit-Db

  • description: BSDI BSD/OS 2.1, Caldera OpenLinux Standard 1.0, Data General DG/UX 5.4 4.11, IBM AIX 4.3, ISC BIND 8.1.1, NetBSD 1.3.1, RedHat Linux 5.0, SCO Open Desktop 3.0/Serv...
    id: EDB-ID:19111
    last seen: 2016-02-02
    modified: 1998-04-08
    published: 1998-04-08
    reporter: ROTShB
    source: https://www.exploit-db.com/download/19111/
    title: Multiple OSes - BIND Buffer Overflow 1
  • description: BSDI BSD/OS 2.1, Caldera OpenLinux Standard 1.0, Data General DG/UX 5.4 4.11, IBM AIX 4.3, ISC BIND 8.1.1, NetBSD 1.3.1, RedHat Linux 5.0, SCO Open Desktop 3.0/Serv...
    id: EDB-ID:19112
    last seen: 2016-02-02
    modified: 1998-04-08
    published: 1998-04-08
    reporter: prym
    source: https://www.exploit-db.com/download/19112/
    title: Multiple OSes - BIND Buffer Overflow 2

Nessus

  • NASL family: HP-UX Local Security Checks
    NASL id: HPUX_PHNE_12957.NASL
    description: s700_800 11.00 Bind 4.9.7 components : Security vulnerability in the BIND executable.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 16871
    published: 2005-02-16
    reporter: This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/16871
    title: HP-UX PHNE_12957 : s700_800 11.00 Bind 4.9.7 components
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and patch checks in this plugin were 
    # extracted from HP patch PHNE_12957. The text itself is
    # copyright (C) Hewlett-Packard Development Company, L.P.
    #
    
    include("compat.inc");
    
    # Plugin metadata. This branch runs only when `description` is set; it
    # registers the plugin's identifiers, texts and requirements and then
    # exits, so none of the check logic further down executes in this pass.
    if (description)
    {
      script_id(16871);
      script_version("$Revision: 1.11 $");
      script_cvs_date("$Date: 2013/04/20 00:32:52 $");
    
      # One HP patch is mapped to three CVEs, so a finding from this plugin
      # is not specific to CVE-1999-0009: it means the patch is missing, and
      # all three identifiers are attached to the result.
      script_cve_id("CVE-1999-0009", "CVE-1999-0010", "CVE-1999-0011");
      script_xref(name:"HP", value:"HPSBUX9808-083");
    
      script_name(english:"HP-UX PHNE_12957 : s700_800 11.00 Bind 4.9.7 components");
      # The verdict is derived from the software inventory (swlist output),
      # not from talking to the name server.
      script_summary(english:"Checks for the patch in the swlist output");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote HP-UX host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "s700_800 11.00 Bind 4.9.7 components : 
    
    Security vulnerability in the BIND executable."
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Install patch PHNE_12957 or subsequent."
      );
      # CVSS v2 base vector: network-reachable, low complexity, no
      # authentication, complete impact on confidentiality, integrity and
      # availability.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
    
      # "local" plugin type: the check needs data gathered on the host itself.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:hp-ux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"1998/05/22");
      script_set_attribute(attribute:"plugin_publication_date", value:"2005/02/16");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.");
      script_family(english:"HP-UX Local Security Checks");
    
      # The plugin is declared to run after ssh_get_info.nasl and requires
      # three knowledge-base keys; presumably that dependency is what fills
      # them in over an authenticated session -- confirm against the
      # dependency. Without credentials the plugin produces no verdict.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/HP-UX/version", "Host/HP-UX/swlist");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("hpux.inc");
    
    
    # Patch-level check for HP-UX 11.00. Everything below works from
    # knowledge-base entries and the helpers pulled in from hpux.inc; nothing
    # here probes the BIND service itself, so the result says "patch missing
    # from the inventory", not "named is running and reachable".
    #
    # Preconditions: stop with an audit message unless local checks are
    # enabled, the host was identified as HP-UX, and a swlist inventory exists.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/HP-UX/version")) audit(AUDIT_OS_NOT, "HP-UX");
    if (!get_kb_item("Host/HP-UX/swlist")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # The patch is only relevant to the 11.00 release context; any other
    # release exits as not affected.
    if (!hpux_check_ctx(ctx:"11.00"))
    {
      exit(0, "The host is not affected since PHNE_12957 applies to a different OS release.");
    }
    
    # PHNE_12957 plus four further patch ids; presumably the later ones
    # supersede it (the solution text says "or subsequent") -- verify against
    # HP's patch chain. Any one of them being installed ends the check.
    patches = make_list("PHNE_12957", "PHNE_14618", "PHNE_20619", "PHNE_23274", "PHNE_28449");
    foreach patch (patches)
    {
      if (hpux_installed(app:patch))
      {
        exit(0, "The host is not affected because patch "+patch+" is installed.");
      }
    }
    
    
    # Count the filesets for which hpux_check_patch() returns true.
    # NOTE(review): hpux_check_patch is defined in hpux.inc, not shown here;
    # it presumably reports a fileset present at version B.11.00 -- confirm.
    flag = 0;
    if (hpux_check_patch(app:"InternetSrvcs.INET-ENG-A-MAN", version:"B.11.00")) flag++;
    if (hpux_check_patch(app:"InternetSrvcs.INETSVCS-RUN", version:"B.11.00")) flag++;
    
    
    # At least one fileset matched: report on port 0, attaching the text from
    # hpux_report_get() when report verbosity is above zero. Otherwise record
    # the host as not affected.
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: DNS
    NASL id: BIND_IQUERY.NASL
    description: The remote BIND server, according to its version number, is vulnerable to an inverse query overflow which could allow an attacker to execute arbitrary code on the remote host.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 10329
    published: 2002-04-02
    reporter: This script is Copyright (C) 2002-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/10329
    title: ISC BIND < 4.9.7 / 8.1.2 Inverse-Query Remote Overflow
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    # This script replaces bind_bof.nes
    
    
    include("compat.inc");
    
    # Plugin metadata. This branch runs only when `description` is set; it
    # registers identifiers, texts and requirements and exits before the
    # version check below.
    if (description)
    {
     script_id(10329);
     script_version("1.19");
     script_cvs_date("Date: 2018/06/27 18:42:25");
    
     # Unlike a patch-level check, this plugin is tied to a single CVE.
     script_cve_id("CVE-1999-0009");
     script_bugtraq_id(134);
     
     script_name(english:"ISC BIND < 4.9.7 / 8.1.2 Inverse-Query Remote Overflow");
     # The finding rests on the reported version only ("according to its
     # version number" in the description text); no inverse query is sent.
     script_summary(english:"Checks the remote BIND version");
     
     script_set_attribute(attribute:"synopsis", value:
    "It is possible to use the remote name server to break into the
    remote host." );
     script_set_attribute(attribute:"description", value:
    "The remote BIND server, according to its version number, is 
    vulnerable to an inverse query overflow which could allow an attacker 
    to execute arbitrary code on the remote host." );
     script_set_attribute(attribute:"solution", value:
    "Upgrade to BIND 8.1.2 or 4.9.7 or newer" );
     # CVSS v2 base vector: network-reachable, low complexity, no
     # authentication, complete C/I/A impact. Temporal vector: proof-of-concept
     # exploit code (E:POC), official fix available (RL:OF), report confirmed
     # (RC:C).
     script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
     script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
     script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
     script_set_attribute(attribute:"exploit_available", value:"true");
    
     script_set_attribute(attribute:"plugin_publication_date", value: "2002/04/02");
     script_set_attribute(attribute:"vuln_publication_date", value: "1998/04/08");
     # "remote" plugin type: no credentials on the target are needed.
     script_set_attribute(attribute:"plugin_type", value:"remote");
     script_set_attribute(attribute:"cpe", value:"cpe:/a:isc:bind");
     script_end_attributes();
     
     script_category(ACT_GATHER_INFO);
     script_copyright(english:"This script is Copyright (C) 2002-2018 Tenable Network Security, Inc.");
     script_family(english: "DNS");
     # Declared to run after bind_version.nasl and to require the
     # "bind/version" knowledge-base key; presumably that dependency is what
     # stores the key -- confirm. If the server hides or rewrites its version
     # string, this plugin has nothing reliable to evaluate.
     script_dependencie("bind_version.nasl");
     script_require_keys("bind/version");
     exit(0);
    }
    
    # Version-string check: flags the host when the stored BIND version falls
    # in an affected range. Only the string in the knowledge base is
    # examined, so a hidden or altered version banner, or a vendor build with
    # a backported fix, can make the result wrong in either direction.
    vers = get_kb_item("bind/version");
    if (!vers) exit(0);

    # 8.0.x, and 8.1.0 / 8.1.1 when not followed by another digit.
    affected_8x = "^8\.((0\..*)|(1\.[0-1]([^0-9]|$))).*";
    # 4.0.x through 4.8.x, and 4.9.0 through 4.9.6 when not followed by
    # another digit.
    affected_4x = "^4\.([0-8]\.|9\.[0-6]([^0-9]|$)).*";

    # Both tests are evaluated independently; a match is reported on port 53.
    if (ereg(string:vers, pattern:affected_8x)) security_hole(53);
    if (ereg(string:vers, pattern:affected_4x)) security_hole(53);