PT-1998-1235 · Isc · Isc Bind

Published

1998-04-10

Updated

2008-09-05

CVE-1999-1499

CVSS v2.0

2.1

Low

Vector

AV:L/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions ISC BIND versions 4.9 and 8.1

Description The issue allows local users to destroy files via a symlink attack on (1) named dump.db when the root kills the process with a SIGINT signal, or (2) named.stats when a SIGIOT signal is used.

Recommendations For ISC BIND version 4.9, consider restricting access to the named dump.db and named.stats files to prevent unauthorized modifications. For ISC BIND version 8.1, restrict access to the named dump.db and named.stats files to prevent unauthorized modifications.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-1999-1499

Affected Products

Isc Bind

PT-1998-1235 · Isc · Isc Bind

CVE-1999-1499

Related Identifiers

Affected Products

References · 4