CVE-2001-0012

Name of the Vulnerable Software and Affected Versions ISC BIND versions 4.9 through 4.9.7 ISC BIND versions 8.1 through 8.2.3 Beta

Description The issue allows remote attackers to access sensitive information such as environment variables. It is also vulnerable to a remotely exploitable buffer overflow in the code that handles Transaction Signatures (TSIG) and a denial of service attack due to improper support of compressed zone transfers (ZXFR). A remote attacker can send an inverse query to the BIND server to access the program stack and view environment variables.

Recommendations For ISC BIND versions 4.9 through 4.9.7, update to a version outside of this range to resolve the issue. For ISC BIND versions 8.1 through 8.2.3 Beta, update to a version outside of this range to resolve the issue. As a temporary workaround, consider restricting access to the TSIG resource record and disabling compressed zone transfers (ZXFR) until a patch is available. Avoid using the inverse query feature in the affected BIND server until the issue is resolved.