CVE-1999-1499

Name of the Vulnerable Software and Affected Versions ISC BIND versions 4.9 and 8.1

Description The issue allows local users to destroy files via a symlink attack on (1) named dump.db when the root kills the process with a SIGINT signal, or (2) named.stats when a SIGIOT signal is used.

Recommendations For ISC BIND version 4.9, consider restricting access to the named dump.db and named.stats files to prevent unauthorized modifications. For ISC BIND version 8.1, restrict access to the named dump.db and named.stats files to prevent unauthorized modifications.