CVE-2002-1221

Severity

50%

Complexity

99%

Confidentiality

48%

BIND 8.x through 8.3.3 allows remote attackers to cause a denial of service (crash) via SIG RR elements with invalid expiry times, which are removed from the internal BIND database and later cause a null dereference.

CVSS 2.0 Base Score 5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P).

Overview

First reported 22 years ago

2002-11-29 05:00:00

Last updated 6 years ago

2018-05-03 01:29:00

Affected Software

ISC BIND 8.1

8.1

ISC BIND 8.1.1

8.1.1

ISC BIND 8.1.2

8.1.2

ISC BIND 8.2

8.2

ISC BIND 8.2.1

8.2.1

ISC BIND 8.2.2

8.2.2

ISC BIND 8.2.3

8.2.3

ISC BIND 8.2.4

8.2.4

ISC BIND 8.2.5

8.2.5

ISC BIND 8.2.6

8.2.6

ISC BIND 8.3.0

8.3.0

ISC BIND 8.3.1

8.3.1

ISC BIND 8.3.2

8.3.2

ISC BIND 8.3.3

8.3.3

FreeBSD 4.4

4.4

FreeBSD 4.5

4.5

FreeBSD 4.6

4.6

FreeBSD 4.7

4.7

OpenBSD 3.0

3.0

OpenBSD 3.1

3.1

OpenBSD 3.2

3.2

References

20021112 Multiple Remote Vulnerabilities in BIND4 and BIND8

Patch, Vendor Advisory

CLA-2002:546

2002-11-21

20021112 [Fwd: Notice of serious vulnerabilities in ISC BIND 4 & 8]

20021118 TSLSA-2002-0076 - bind

SSRT2408

20021115 [OpenPKG-SA-2002.011] OpenPKG Security Advisory (bind, bind8)

CA-2002-31

US Government Resource

N-013

DSA-196

http://www.isc.org/products/BIND/bind-security.html