CVE-2002-1219

Severity

75%

Complexity

99%

Confidentiality

106%

Buffer overflow in named in BIND 4 versions 4.9.10 and earlier, and 8 versions 8.3.3 and earlier, allows remote attackers to execute arbitrary code via a certain DNS server response containing SIG resource records (RR).

CVSS 2.0 Base Score 7.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).

Overview

First reported 22 years ago

2002-11-29 05:00:00

Last updated 6 years ago

2018-05-03 01:29:00

Affected Software

ISC BIND 4.9.5

4.9.5

ISC BIND 4.9.6

4.9.6

ISC BIND 4.9.7

4.9.7

ISC BIND 4.9.8

4.9.8

ISC BIND 4.9.9

4.9.9

ISC BIND 4.9.10

4.9.10

ISC BIND 8.2

8.2

ISC BIND 8.2.1

8.2.1

ISC BIND 8.2.2

8.2.2

ISC BIND 8.2.3

8.2.3

ISC BIND 8.2.4

8.2.4

ISC BIND 8.2.5

8.2.5

ISC BIND 8.2.6

8.2.6

ISC BIND 8.3.0

8.3.0

ISC BIND 8.3.1

8.3.1

ISC BIND 8.3.2

8.3.2

ISC BIND 8.3.3

8.3.3

FreeBSD 4.4

4.4

FreeBSD 4.5

4.5

FreeBSD 4.6

4.6

FreeBSD 4.7

4.7

OpenBSD 3.0

3.0

OpenBSD 3.1

3.1

OpenBSD 3.2

3.2

References

20021201-01-P

20021112 Multiple Remote Vulnerabilities in BIND4 and BIND8

Patch, Vendor Advisory

CLA-2002:546

2002-11-21

20021112 [Fwd: Notice of serious vulnerabilities in ISC BIND 4 & 8]

20021118 TSLSA-2002-0076 - bind

SSRT2408

20021115 [OpenPKG-SA-2002.011] OpenPKG Security Advisory (bind, bind8)

http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F48818

CA-2002-31

US Government Resource

N-013

DSA-196

http://www.isc.org/products/BIND/bind-security.html