You might wish to note that there is a fix: upgrade to 8.2.2 patchlevel
3.
Of course, this will be obvious to anyone who follows the link... but for
those that don't, the "Workaround: None" part will give the wrong
impression.
Rich
On Wed, 10 Nov 1999, Elias Levy wrote:
> http://www.isc.org/products/BIND/bind-security-19991108.html
>
>
> Name: "nxt bug"
>
> Versions affected: 8.2, 8.2 patchlevel 1, 8.2.1
> Severity: CRITICAL
> Exploitable: Remotely
> Type: Access possible
>
> Description:
>
> A bug in the processing of NXT records can theoretically allow an
> attacker to gain access to the system running the DNS server at
> whatever privilege level the DNS server runs at.
>
> Workarounds:
>
> None.
>
> Active Exploits:
>
> At this time, ISC is unaware of any active exploits of this
> vulnerability however given the potential access this vulnerability
> represents, it is probable scripts will be created in the near future
> that make use of this vulnerability.
>
> --
> Elias Levy
> Security Focus
> http://www.securityfocus.com/
>
