Reported November 12, 2002, by Internet Security Systems.

 

 

VERSIONS AFFECTED

 

  • Internet Software Consortium's (ISC's) BIND 4.x versions, up to and including 4.9.10-REL

  • BIND 8.x versions, up to and including 8.3.3-REL

 

 

DESCRIPTION

 

Multiple remote vulnerabilities exist in BIND 4.x and 8.x, the most serious of which can lead to remote compromise of the vulnerable server. For more details about these vulnerabilities, see the discoverer's Web site.

 

VENDOR RESPONSE

 

ISC has released version 9.2.1 to correct these and other problems, and recommends that affected users immediately upgrade their software.

 

CREDIT          

Discovered by Internet Security Systems' X-Force.