Internet Security Systems

DNS name overflow

advICE : Intrusions : 2000403
Important

In January, 2001, a major flaw in the popular "BIND" package was announced. Attempts to exploit this flaw will be detected as a "DNS name overflow" by older versions of BlackICE. Newer versions of BlackICE will detect this exploit as DNS TSIG name overflow. See the description for more information.

 more information

 

A DNS name may only be 255 characters long (or less). Hackers can sometimes inject longer names into programs, causing a buffer overflow that might compromise the system.

Details

Some of these attacks are directed against DNS servers themselves. However, there are few implementations of DNS servers, but numerous programs that make DNS queries. Many of these programs do not reserve enough space, so a DNS system that returns a long DNS name can compromise the system. In particular, many programs will do a "reverse lookup" on the IP address of an incoming connection in order to log who it is. Many DNS name overflows are directed at such logging systems.

Most of these attacks are intended as a Denial-of-Service against the system, but many can also compromise the system.
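As an added example (not code from this advisory or from BlackICE), the following shows one way a program that performs lookups can decode a wire-format DNS name into a fixed buffer without overflowing it, rejecting names over the 255-character limit. The function name `dns_name_decode`, the 63-byte label limit (RFC 1035) and the cap of 16 compression-pointer hops are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DNS_MAX_NAME  255   /* overall name limit stated on this page */
#define DNS_MAX_LABEL 63    /* per-label limit, RFC 1035 (assumption) */

/* Decode the wire-format name at msg[off] into out as dotted text.
 * Returns the text length, or -1 if the name is truncated, malformed,
 * loops through compression pointers, or does not fit in out. */
int dns_name_decode(const uint8_t *msg, size_t msglen, size_t off,
                    char *out, size_t outlen)
{
    size_t n = 0;       /* bytes written to out so far */
    int jumps = 0;      /* compression pointers followed */
    if (outlen == 0) return -1;
    for (;;) {
        if (off >= msglen) return -1;            /* ran off the packet */
        uint8_t len = msg[off++];
        if (len == 0) break;                     /* root label: done */
        if ((len & 0xC0) == 0xC0) {              /* compression pointer */
            if (off >= msglen || ++jumps > 16) return -1;
            off = ((size_t)(len & 0x3F) << 8) | msg[off];
            continue;
        }
        if (len > DNS_MAX_LABEL) return -1;      /* oversized or reserved type */
        if (len > msglen - off) return -1;       /* label runs past packet end */
        size_t need = n + (n ? 1 : 0) + len;     /* text so far + dot + label */
        if (need > DNS_MAX_NAME || need + 1 > outlen) return -1;
        if (n) out[n++] = '.';
        memcpy(out + n, msg + off, len);
        n += len; off += len;
    }
    out[n] = '\0';
    return (int)n;
}

int main(void)
{
    /* Constructed samples: "www.example.com" and five 63-byte labels. */
    static const uint8_t ok[] = "\x03www\x07""example\x03""com";
    uint8_t big[5 * 64 + 1];
    char full[DNS_MAX_NAME + 1];
    for (int i = 0; i < 5; i++) { big[i * 64] = 63; memset(big + i * 64 + 1, 'a', 63); }
    big[5 * 64] = 0;
    printf("normal name:   %d\n", dns_name_decode(ok, sizeof ok, 0, full, sizeof full));
    printf("overlong name: %d\n", dns_name_decode(big, sizeof big, 0, full, sizeof full));
    return 0;
}
```

A caller that logs the result should treat -1 as "name unavailable" and log the IP address instead.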

advICE: Buffer overflows  
More about this general class of attacks, which is the root cause of many attacks on the Internet.  
NAI-0009: FreeBSD lpd Security Vulnerability  
 
BugtraqID: 1207   AntiSniff DNS Overflow Vulnerability
A buffer overflow exists in the DNS test of the AntiSniff program  
BugtraqID: 678   Multiple Vendor BIND Cache Poisoning Vulnerability
This article mentions not only Cache Poisoning, but also the fact that large names can overflow many client programs that do DNS lookups.  
BugtraqID: 442   Solaris libauth Buffer Overflow vulnerabilities
A buffer overflow exists in the authentication code, so that long hostnames or usernames can be used to break into the system.  
BugtraqID: 210   Multiple Vendor talkd(8) Vulnerability
Bug resulting from DNS reverse lookup buffer overflow.  
BugtraqID: 858   snoop overflow
 
CERT: CA-97.22.bind   BIND - the Berkeley Internet Name Daemon
 
CERT: CA-97.04.talkd   talkd Vulnerability
 
CVE-2000-0405   DNS name buffer overflow in L0pht AntiSniff
 
CVE-1999-0339   libauth buffer overflow in Solaris
 
CVE-1999-0048   Buffer overflow in talkd using corrupt DNS
 
CVE-1999-0244   Livingston RADIUS buffer overflow in accounting code.
 
NAI Advisory: 023   Remote Vulnerability in RADIUS Servers Derived from Livingston 1.16
 
CVE-1999-0299   Buffer overflow in FreeBSD lpd through long DNS hostnames.
 
NAI Advisory: 009   FreeBSD lpd Security Vulnerability
 
CVE-1999-0303   Buffer overflow in BNU UUCP daemon (uucpd) through long hostnames.
 
CVE-1999-0973   Buffer overflow in Solaris snoop program via a long domain name when running in verbose mode.
 
NAI Advisory: 011   BIND Vulnerabilities and Solutions
 
DNS  
More about the DNS service.  

 parametric information
length   The length of the DNS name; if it is longer than a few hundred characters, then it may be a buffer overflow attempt.
dns name   The initial portion of the DNS name.

 configuration for this item
dns.maxname   200   The maximum length of a DNS name.

 
Version appeared:  
