Published: 29/11/2002 Updated: 10/09/2008

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 765

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Buffer overflows in the DNS stub resolver library in ISC BIND 4.9.2 up to and including 4.9.10, and other derived libraries such as BSD libc and GNU glibc, allow remote malicious users to execute arbitrary code via DNS server responses that trigger the overflow in the (1) getnetbyname, or (2) getnetbyaddr functions, aka "LIBRESOLV: buffer overrun" and a different vulnerability than CVE-2002-0684.

Vulnerable Product	Search on Vulmon	Subscribe to Product
isc bind 4.9.2
isc bind 4.9.4
isc bind 4.9.10
isc bind 4.9.6
isc bind 4.9.7
isc bind 4.9.8
isc bind 4.9.9
isc bind 4.9.3
isc bind 4.9.5
astaro security linux 2.0.23
astaro security linux 2.0.25
astaro security linux 2.0.26
astaro security linux 2.0.27
astaro security linux 2.0.30
astaro security linux 3.2.0
astaro security linux 3.2.10
astaro security linux 2.0.24
astaro security linux 3.2.11

Synopsis glibc security update Type/Severity Security Advisory: Important Topic Updated glibc packages that fix a security flaw in the resolver as well asdlclose handling are now available Description The GNU libc packages (known as glibc) contain the standard C librariesused by applicatio ...

[Bind version 9, the bind9 package, is not affected by these problems] ISS X-Force has discovered several serious vulnerabilities in the Berkeley Internet Name Domain Server (BIND) BIND is the most common implementation of the DNS (Domain Name Service) protocol, which is used on the vast majority of DNS servers on the Internet DNS is a vital Int ...

For each available CPE the script prints out known vulns (links to the correspondent info) and correspondent CVSS scores.

nmap -sV --script vulners [--script-args mincvss=<arg_val>] <target>

53/tcp   open     domain             ISC BIND DNS
| vulners:
|   ISC BIND DNS:
|     CVE-2012-1667    8.5    https://vulners.com/cve/CVE-2012-1667
|     CVE-2002-0651    7.5    https://vulners.com/cve/CVE-2002-0651
|     CVE-2002-0029    7.5    https://vulners.com/cve/CVE-2002-0029
|     CVE-2015-5986    7.1    https://vulners.com/cve/CVE-2015-5986
|     CVE-2010-3615    5.0    https://vulners.com/cve/CVE-2010-3615
|     CVE-2006-0987    5.0    https://vulners.com/cve/CVE-2006-0987
|_    CVE-2014-3214    5.0    https://vulners.com/cve/CVE-2014-3214

NVD-CWE-Other http://www.isc.org/products/BIND/bind-security.html http://www.cert.org/advisories/CA-2002-31.html http://www.iss.net/security_center/static/10624.php http://www.kb.cert.org/vuls/id/844360 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-028.txt.asc ftp://patches.sgi.com/support/free/security/advisories/20021201-01-P http://www.securityfocus.com/bid/6186 http://lists.apple.com/archives/Security-announce/2002/Nov/msg00000.html https://access.redhat.com/errata/RHSA-2004:383 https://nvd.nist.gov https://www.kb.cert.org/vuls/id/844360

CVE-2002-0029

Vulnerability Summary

Vendor Advisories

Nmap Scripts

References

Vulmon Search

About

Products

Connect