Intrusion PreventionISC.BIND.InverseQuery.Remote.Overflow
Description
This indicates an attempt to exploit a Buffer Overflow vulnerability in Bind.
An attacker can probe a target DNS server with a specific inverse query. If the DNS server is vulnerable, this may result in information disclosure. With this information, the attacker can gain access to the DNS server with the privileges of the DNS daemon, "named" (potentially root).
Affected Products
BIND Versions 4 and Versions 8 through 8.2 are vulnerable to the attack.
Impact
System compromise: Information leak can lead to unauthorized access by an attacker.
Recommended Actions
Update to BIND versions greater than 8.2.
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| Date | Version | Detail |
|---|---|---|
| 2019-02-15 | 14.554 | Sig Added |
| ID | 30516 |
| Created | Dec 30, 2011 |
| Updated | Jun 07, 2022 |
| Risk |
|
| CVE ID | CVE-2001-0010 CVE-1999-0009 CVE-2001-0012 |
| Exploit Prediction Score | 18.93% |
| Default Action | drop |
| Active | |
| Affected OS | Linux, BSD |
| Affected App | Other |