ID CVE-2002-0029
Summary Buffer overflows in the DNS stub resolver library in ISC BIND 4.9.2 through 4.9.10, and other derived libraries such as BSD libc and GNU glibc, allow remote attackers to execute arbitrary code via DNS server responses that trigger the overflow in the (1) getnetbyname, or (2) getnetbyaddr functions, aka "LIBRESOLV: buffer overrun" and a different vulnerability than CVE-2002-0684.
References
Vulnerable Configurations
  • cpe:2.3:a:isc:bind:4.9.2:*:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:4.9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:4.9.3:*:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:4.9.3:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:4.9.4:*:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:4.9.4:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:4.9.5:*:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:4.9.5:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:4.9.6:*:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:4.9.6:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:4.9.7:*:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:4.9.7:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:4.9.8:*:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:4.9.8:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:4.9.9:*:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:4.9.9:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:4.9.10:*:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:4.9.10:*:*:*:*:*:*:*
  • cpe:2.3:o:astaro:security_linux:2.0.23:*:*:*:*:*:*:*
    cpe:2.3:o:astaro:security_linux:2.0.23:*:*:*:*:*:*:*
  • cpe:2.3:o:astaro:security_linux:2.0.24:*:*:*:*:*:*:*
    cpe:2.3:o:astaro:security_linux:2.0.24:*:*:*:*:*:*:*
  • cpe:2.3:o:astaro:security_linux:2.0.25:*:*:*:*:*:*:*
    cpe:2.3:o:astaro:security_linux:2.0.25:*:*:*:*:*:*:*
  • cpe:2.3:o:astaro:security_linux:2.0.26:*:*:*:*:*:*:*
    cpe:2.3:o:astaro:security_linux:2.0.26:*:*:*:*:*:*:*
  • cpe:2.3:o:astaro:security_linux:2.0.27:*:*:*:*:*:*:*
    cpe:2.3:o:astaro:security_linux:2.0.27:*:*:*:*:*:*:*
  • cpe:2.3:o:astaro:security_linux:2.0.30:*:*:*:*:*:*:*
    cpe:2.3:o:astaro:security_linux:2.0.30:*:*:*:*:*:*:*
  • cpe:2.3:o:astaro:security_linux:3.2.0:*:*:*:*:*:*:*
    cpe:2.3:o:astaro:security_linux:3.2.0:*:*:*:*:*:*:*
  • cpe:2.3:o:astaro:security_linux:3.2.10:*:*:*:*:*:*:*
    cpe:2.3:o:astaro:security_linux:3.2.10:*:*:*:*:*:*:*
  • cpe:2.3:o:astaro:security_linux:3.2.11:*:*:*:*:*:*:*
    cpe:2.3:o:astaro:security_linux:3.2.11:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 10-09-2008 - 19:11)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
apple 2002-11-21
bid 6186
cert CA-2002-31
cert-vn VU#844360
confirm http://www.isc.org/products/BIND/bind-security.html
netbsd NetBSD-SA2002-028
sgi 20021201-01-P
xf bind-dns-libresolv-bo(10624)
Last major update 10-09-2008 - 19:11
Published 29-11-2002 - 05:00
Last modified 10-09-2008 - 19:11
Back to Top