Bind NXT exploit v1.17

Vulnerability exploited: CVE-1999-0833 - BID-788

Category: Exploits/Remote

Named NXT Resource Record Overflow
This module exploits a nameserver vulnerability that occurs when processing a maliciously crafted T_NXT resource record received in a DNS reply message.

After successful exploitation, a level 0 agent will be deployed. This level 0 agent will inherit the user identity and capabilities of the abused service, usually those of the user that runs the bind daemon. However, the uid (as opposed to the euid) of the level 0 agent will be that of the super user in most cases (usually '0').

Note that the deployed level 0 agent might be running in a chroot jail. This situation doesn't prevent the level 0 agent from being used, and after setting the user id to that of the super user, the chroot breaker module (see "chroot breaker" module documentation) can be used to escape the chroot jail.

Supported Systems:
    RedHat Linux 6.1 (i386)
    OpenBSD 2.7 (i386)


This module is included in the latest version of CORE IMPACT, the first automated comprehensive penetration testing product for accurately identifying information security risks.