ID CVE-2002-1220
Summary BIND 8.3.x through 8.3.3 allows remote attackers to cause a denial of service (termination due to assertion failure) via a request for a subdomain that does not exist, with an OPT resource record with a large UDP payload size.
References
Vulnerable Configurations
  • ISC BIND 8.3.0
    cpe:2.3:a:isc:bind:8.3.0
  • ISC BIND 8.3.1
    cpe:2.3:a:isc:bind:8.3.1
  • ISC BIND 8.3.2
    cpe:2.3:a:isc:bind:8.3.2
  • ISC BIND 8.3.3
    cpe:2.3:a:isc:bind:8.3.3
  • FreeBSD 4.4
    cpe:2.3:o:freebsd:freebsd:4.4
  • FreeBSD 4.5
    cpe:2.3:o:freebsd:freebsd:4.5
  • FreeBSD 4.6
    cpe:2.3:o:freebsd:freebsd:4.6
  • FreeBSD 4.7
    cpe:2.3:o:freebsd:freebsd:4.7
  • OpenBSD 3.0
    cpe:2.3:o:openbsd:openbsd:3.0
  • OpenBSD 3.1
    cpe:2.3:o:openbsd:openbsd:3.1
  • OpenBSD 3.2
    cpe:2.3:o:openbsd:openbsd:3.2
CVSS
Base: 5.0 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
exploit-db via4
description ISC BIND 8.3.x OPT Record Large UDP Denial of Service Vulnerability. CVE-2002-1220. Dos exploit for linux platform
id EDB-ID:22011
last seen 2016-02-02
modified 2002-11-12
published 2002-11-12
reporter spybreak
source https://www.exploit-db.com/download/22011/
title ISC BIND 8.3.x OPT Record Large UDP Denial of Service Vulnerability
nessus via4
  • NASL family DNS
    NASL id BIND_DNSSTORM.NASL
    description The remote name server, according to its version number, is affected by the following vulnerabilities : - When running the recursive DNS functionality, this server is vulnerable to a buffer overflow attack that may let an attacker execute arbitrary code on the remote host. - It is vulnerable to a denial of service attack (crash) via SIG RR elements with invalid expiry times. - It is vulnerable to a denial of service attack when a DNS lookup is requested on a nonexistent sub-domain of a valid domain and an OPT resource record with a large UDP payload is attached, the server may fail.
    last seen 2019-02-21
    modified 2018-06-27
    plugin id 10886
    published 2002-03-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=10886
    title ISC BIND < 8.3.4 Multiple Remote Vulnerabilities
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-196.NASL
    description [Bind version 9, the bind9 package, is not affected by these problems.] ISS X-Force has discovered several serious vulnerabilities in the Berkeley Internet Name Domain Server (BIND). BIND is the most common implementation of the DNS (Domain Name Service) protocol, which is used on the vast majority of DNS servers on the Internet. DNS is a vital Internet protocol that maintains a database of easy-to-remember domain names (host names) and their corresponding numerical IP addresses. Circumstantial evidence suggests that the Internet Software Consortium (ISC), maintainers of BIND, was made aware of these issues in mid-October. Distributors of Open Source operating systems, including Debian, were notified of these vulnerabilities via CERT about 12 hours before the release of the advisories on November 12th. This notification did not include any details that allowed us to identify the vulnerable code, much less prepare timely fixes. Unfortunately ISS and the ISC released their security advisories with only descriptions of the vulnerabilities, without any patches. Even though there were no signs that these exploits are known to the black-hat community, and there were no reports of active attacks, such attacks could have been developed in the meantime - with no fixes available. We can all express our regret at the inability of the ironically named Internet Software Consortium to work with the Internet community in handling this problem. Hopefully this will not become a model for dealing with security issues in the future. The Common Vulnerabilities and Exposures (CVE) project identified the following vulnerabilities : - CAN-2002-1219: A buffer overflow in BIND 8 versions 8.3.3 and earlier allows a remote attacker to execute arbitrary code via a certain DNS server response containing SIG resource records (RR). This buffer overflow can be exploited to obtain access to the victim host under the account the named process is running with, usually root. - CAN-2002-1220: BIND 8 versions 8.3.x through 8.3.3 allows a remote attacker to cause a denial of service (termination due to assertion failure) via a request for a subdomain that does not exist, with an OPT resource record with a large UDP payload size. - CAN-2002-1221: BIND 8 versions 8.x through 8.3.3 allows a remote attacker to cause a denial of service (crash) via SIG RR elements with invalid expiry times, which are removed from the internal BIND database and later cause a null dereference. These problems have been fixed in version 8.3.3-2.0woody1 for the current stable distribution (woody), in version 8.2.3-0.potato.3 for the previous stable distribution (potato) and in version 8.3.3-3 for the unstable distribution (sid). The fixed packages for unstable will enter the archive today.
    last seen 2019-02-21
    modified 2018-07-20
    plugin id 15033
    published 2004-09-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15033
    title Debian DSA-196-1 : bind - several vulnerabilities
oval via4
accepted 2005-03-09T07:56:00.000-04:00
class vulnerability
contributors
name Brian Soby
organization The MITRE Corporation
description BIND 8.3.x through 8.3.3 allows remote attackers to cause a denial of service (termination due to assertion failure) via a request for a subdomain that does not exist, with an OPT resource record with a large UDP payload size.
family unix
id oval:org.mitre.oval:def:449
status accepted
submitted 2005-01-19T12:00:00.000-04:00
title Bind OPT Resource Record DoS Vulnerability
version 31
refmap via4
apple 2002-11-21
bid 6161
bugtraq
  • 20021112 [Fwd: Notice of serious vulnerabilities in ISC BIND 4 & 8]
  • 20021115 [OpenPKG-SA-2002.011] OpenPKG Security Advisory (bind, bind8)
  • 20021118 TSLSA-2002-0076 - bind
caldera CSSA-2003-SCO.2
cert CA-2002-31
cert-vn VU#229595
ciac N-013
compaq SSRT2408
confirm http://www.isc.org/products/BIND/bind-security.html
debian DSA-196
engarde ESA-20021114-029
freebsd FreeBSD-SA-02:43
iss 20021112 Multiple Remote Vulnerabilities in BIND4 and BIND8
mandrake MDKSA-2002:077
suse SuSE-SA:2002:044
xf bind-opt-rr-dos(10332)
Last major update 17-10-2016 - 22:24
Published 29-11-2002 - 00:00
Last modified 02-05-2018 - 21:29
Back to Top