CVE-2003-0914

Published: 15/12/2003 Updated: 30/10/2018

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

ISC BIND 8.3.x prior to 8.3.7, and 8.4.x prior to 8.4.3, allows remote malicious users to poison the cache via a malicious name server that returns negative responses with a large TTL (time-to-live) value.

Vulnerable Product	Search on Vulmon	Subscribe to Product
isc bind 8.4.1
isc bind 8.2.5
isc bind 8.3.1
isc bind 8.3.2
nixu namesurfer suite 3.0.1
isc bind 8.3.4
isc bind 8.2.7
isc bind 8.2.4
isc bind 8.2.6
isc bind 8.3.5
nixu namesurfer standard 3.0.1
isc bind 8.3.0
isc bind 8.3.3
isc bind 8.3.6
isc bind 8.4
isc bind 8.2.3
netbsd netbsd 1.6
hp hp-ux 11.11
compaq tru64 5.1 pk3 bl17
compaq tru64 5.1 pk4 bl18
netbsd netbsd current
netbsd netbsd 1.6.1
compaq tru64 5.1b pk1 bl1
sun sunos 5.7
compaq tru64 4.0f pk6 bl17
compaq tru64 4.0g
compaq tru64 4.0g pk3 bl17
compaq tru64 5.1a pk4 bl21
freebsd freebsd 4.5
sun sunos 5.8
freebsd freebsd 4.7
compaq tru64 4.0f pk8 bl22
sun solaris 9.0
hp hp-ux 11.00
compaq tru64 5.1a pk3 bl3
compaq tru64 4.0f
freebsd freebsd 4.4
sun solaris 7.0
compaq tru64 5.1 pk6 bl20
compaq tru64 5.1 pk5 bl19
sco unixware 7.1.1
freebsd freebsd 4.8
compaq tru64 5.1b pk2 bl22
compaq tru64 5.1a
compaq tru64 4.0g pk4 bl22
freebsd freebsd 4.6
compaq tru64 5.1a pk5 bl23
compaq tru64 5.1b
compaq tru64 5.1
compaq tru64 5.1a pk2 bl2
ibm aix 5.1l
freebsd freebsd 5.0
compaq tru64 4.0f pk7 bl18
freebsd freebsd 4.9
compaq tru64 5.1a pk1 bl1
freebsd freebsd 4.6.2
sun solaris 8.0

A vulnerability was discovered in BIND, a domain name server, whereby a malicious name server could return authoritative negative responses with a large TTL (time-to-live) value, thereby rendering a domain name unreachable A successful attack would require that a vulnerable BIND instance submit a query to a malicious nameserver The bind9 package ...

NVD-CWE-Other http://www.kb.cert.org/vuls/id/734644 http://www.debian.org/security/2004/dsa-409 http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57434 http://www.trustix.org/errata/misc/2003/TSL-2003-0044-bind.asc.txt ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.33/CSSA-2003-SCO.33.txt ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-003.0/CSSA-2004-003.0.txt http://secunia.com/advisories/10542 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2011 https://nvd.nist.gov https://www.debian.org/security/./dsa-409 https://www.kb.cert.org/vuls/id/734644

CVE-2003-0914

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect