CVE-2001-0013

Name of the Vulnerable Software and Affected Versions: BIND 4 versions 4.9 through 4.9.7 BIND 8 version 8.2

Description: The issue is related to a format string vulnerability and a buffer overflow in the nslookupComplain() function, which can be exploited by sending a specially-crafted DNS query to the server. This allows a remote attacker to execute arbitrary code on the system with privileges of the BIND server, potentially leading to a denial of service attack or gaining root privileges.

Recommendations: For BIND 4 versions 4.9 through 4.9.7, consider disabling the nslookupComplain() function until a patch is available. For BIND 8 version 8.2, restrict access to the vulnerable nslookupComplain() function to minimize the risk of exploitation. As a temporary workaround, avoid using the nslookupComplain() function in the affected DNS servers until the issue is resolved.