-= CVE-2001-0011 =-

Vulnerable versions: BIND 4.9.x, where x < 8
File(s): named/ns_forw.c
Download from:
  ftp://ftp.isc.org/isc/bind/src/DEPRECATED/4.9.11/bind-4.9.11-REL.tar.gz

Domain: DNS Server

_ Vulnerable Functions and Buffers _

nslookupComplain uses sprintf() to overflow a local buffer. The input
buffers used to overflow the output buffer are passed through many
functions, and which contain data that must be logged.

The program does not do heavy buffer manipulations, but the input
buffers are long-lived, so the model-checker needs to discover long
paths through the code. We observe two things:
 1. We cannot see any way in which this code is "special" due to its 
    involving a buffer overflow.
 2. This code is much easier to analyze than many smaller programs 
    containing buffer overflows, since it doesn't do much string 
    manipulation.

We take only a limited slice of this program -- pulling in more of the
original program decreases the comprehensibility of the example,
without leading to any useful variable static measures.

_ Decomposed Programs _

bind.h

nslookupComplain/
  small_bad.c
  med_bad.c
  big_bad.c
