Reported January 29, 2001, by CERT.

  • BIND 8
  • BIND 4


Multiple vulnerabilities have been discovered in Internet Software Consortium (ISC) BIND versions 4 and 8. The first, in BIND 8, is a remote buffer overflow that can let an attacker execute arbitrary code without having control over a DNS server. The second, in BIND 4, is also a buffer overflow, but it requires the attacker to have control over a DNS server to execute arbitrary code. The third, also in BIND 4, is a format string issue that an attacker can use to launch arbitrary commands.


ISC is aware of these issues and has released patches. BIND 4.9.8 and 8.2.3 address the vulnerabilities.

Discovered by Covert Labs.