CVE-2000-0887

Name of the Vulnerable Software and Affected Versions ISC BIND versions 4.9 through 4.9.7 ISC BIND versions 8.1 through 8.2.3 Beta ISC BIND 8.2.2 versions p1 through p7

Description The issue allows remote attackers to cause a denial of service by making a compressed zone transfer (ZXFR) request and performing a name service query on an authoritative record that is not cached. Additionally, there is a remotely exploitable buffer overflow in the code that handles Transaction Signatures (TSIG) when a BIND server receives a request with a TSIG resource record that contains an invalid key. This can lead to the execution of arbitrary code. A remote attacker can also send an inverse query to the BIND server to access the program stack and view environment variables.

Recommendations For ISC BIND versions 4.9 through 4.9.7, update to a version outside of this range to resolve the issue. For ISC BIND versions 8.1 through 8.2.3 Beta, update to a version outside of this range to resolve the issue. For ISC BIND 8.2.2 versions p1 through p7, update to a version outside of this range, such as version 8.2.2 p8 or later, to resolve the issue. As a temporary workaround, consider disabling the TSIG functionality until a patch is available. Restrict access to the inverse query functionality to minimize the risk of exploitation.