CVE-2002-1219 - Buffer overflow in named in BIND 4 versions 4.9.10 and earlier, and 8 versions 8.3.3 and earlier, al

CVE-2002-1219

Summary

Buffer overflow in named in BIND 4 versions 4.9.10 and earlier, and 8 versions 8.3.3 and earlier, allows remote attackers to execute arbitrary code via a certain DNS server response containing SIG resource records (RR).

References

Vulnerable Configurations

cpe:2.3:a:isc:bind:4.9.5:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:4.9.5:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:4.9.6:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:4.9.6:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:4.9.7:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:4.9.7:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:4.9.8:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:4.9.8:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:4.9.9:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:4.9.9:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:4.9.10:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:4.9.10:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:8.2:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:8.2:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:8.2.1:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:8.2.1:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:8.2.2:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:8.2.2:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:8.2.3:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:8.2.3:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:8.2.4:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:8.2.4:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:8.2.5:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:8.2.5:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:8.2.6:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:8.2.6:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:8.3.0:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:8.3.0:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:8.3.1:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:8.3.1:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:8.3.2:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:8.3.2:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:8.3.3:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:8.3.3:*:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:4.4:*:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:4.4:*:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:4.5:*:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:4.5:*:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:4.6:*:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:4.6:*:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:4.7:*:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:4.7:*:*:*:*:*:*:*
cpe:2.3:o:openbsd:openbsd:3.0:*:*:*:*:*:*:*
cpe:2.3:o:openbsd:openbsd:3.0:*:*:*:*:*:*:*
cpe:2.3:o:openbsd:openbsd:3.1:*:*:*:*:*:*:*
cpe:2.3:o:openbsd:openbsd:3.1:*:*:*:*:*:*:*
cpe:2.3:o:openbsd:openbsd:3.2:*:*:*:*:*:*:*
cpe:2.3:o:openbsd:openbsd:3.2:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 03-05-2018 - 01:29)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

oval via4

accepted

2005-03-09T07:56:00.000-04:00

class

vulnerability

contributors

name	Brian Soby
organization	The MITRE Corporation

description

family

unix

oval:org.mitre.oval:def:2539

status

accepted

submitted

2005-01-19T12:00:00.000-04:00

title

BIND SIG Resource Records Buffer Overflow

version

refmap via4

apple	2002-11-21
bid	6160
bugtraq	20021112 [Fwd: Notice of serious vulnerabilities in ISC BIND 4 & 8] 20021115 [OpenPKG-SA-2002.011] OpenPKG Security Advisory (bind, bind8) 20021118 TSLSA-2002-0076 - bind
caldera	CSSA-2003-SCO.2
cert	CA-2002-31
cert-vn	VU#852283
ciac	N-013
compaq	SSRT2408
conectiva	CLA-2002:546
confirm	http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F48818 http://www.isc.org/products/BIND/bind-security.html
debian	DSA-196
engarde	ESA-20021114-029
freebsd	FreeBSD-SA-02:43
iss	20021112 Multiple Remote Vulnerabilities in BIND4 and BIND8
mandrake	MDKSA-2002:077
sgi	20021201-01-P
suse	SuSE-SA:2002:044
xf	bind-sig-rr-bo(10304)

Last major update

03-05-2018 - 01:29

Published

29-11-2002 - 05:00

Last modified

03-05-2018 - 01:29