CVE-2002-0029

Buffer overflows in the DNS stub resolver library in ISC BIND 4.9.2 through 4.9.10, and other derived libraries such as BSD libc and GNU glibc, allow remote attackers to execute arbitrary code via DNS server responses that trigger the overflow in the (1) getnetbyname, or (2) getnetbyaddr functions, aka "LIBRESOLV: buffer overrun" and a different vulnerability than CVE-2002-0684.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.isc.org/products/BIND/bind-security.html	Patch Vendor Advisory
http://www.cert.org/advisories/CA-2002-31.html	Patch Third Party Advisory US Government Resource
http://www.iss.net/security_center/static/10624.php	Vendor Advisory
http://www.kb.cert.org/vuls/id/844360	US Government Resource
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-028.txt.asc
ftp://patches.sgi.com/support/free/security/advisories/20021201-01-P
http://www.securityfocus.com/bid/6186
http://lists.apple.com/archives/Security-announce/2002/Nov/msg00000.html

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:isc:bind:4.9.2:::::::*
	cpe:2.3:a:isc:bind:4.9.4:::::::*
	cpe:2.3:a:isc:bind:4.9.10:::::::*
	cpe:2.3:a:isc:bind:4.9.6:::::::*
	cpe:2.3:a:isc:bind:4.9.7:::::::*
	cpe:2.3:a:isc:bind:4.9.8:::::::*
	cpe:2.3:a:isc:bind:4.9.9:::::::*
	cpe:2.3:a:isc:bind:4.9.3:::::::*
	cpe:2.3:a:isc:bind:4.9.5:::::::*

Configuration 2 (hide)

OR	cpe:2.3:o:astaro:security_linux:2.0.23:::::::*
	cpe:2.3:o:astaro:security_linux:2.0.25:::::::*
	cpe:2.3:o:astaro:security_linux:2.0.26:::::::*
	cpe:2.3:o:astaro:security_linux:2.0.27:::::::*
	cpe:2.3:o:astaro:security_linux:2.0.30:::::::*
	cpe:2.3:o:astaro:security_linux:3.2.0:::::::*
	cpe:2.3:o:astaro:security_linux:3.2.10:::::::*
	cpe:2.3:o:astaro:security_linux:2.0.24:::::::*
	cpe:2.3:o:astaro:security_linux:3.2.11:::::::*

Information

Published : 2002-11-28 21:00

Updated : 2008-09-10 12:11

NVD link : CVE-2002-0029

Mitre link : CVE-2002-0029

JSON object : View

CWE

NVD-CWE-Other

Products Affected

astaro

security_linux

isc

bind

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.isc.org/products/BIND/bind-security.html", "name": "http://www.isc.org/products/BIND/bind-security.html", "tags": ["Patch", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.cert.org/advisories/CA-2002-31.html", "name": "CA-2002-31", "tags": ["Patch", "Third Party Advisory", "US Government Resource"], "refsource": "CERT"}, {"url": "http://www.iss.net/security_center/static/10624.php", "name": "bind-dns-libresolv-bo(10624)", "tags": ["Vendor Advisory"], "refsource": "XF"}, {"url": "http://www.kb.cert.org/vuls/id/844360", "name": "VU#844360", "tags": ["US Government Resource"], "refsource": "CERT-VN"}, {"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-028.txt.asc", "name": "NetBSD-SA2002-028", "tags": [], "refsource": "NETBSD"}, {"url": "ftp://patches.sgi.com/support/free/security/advisories/20021201-01-P", "name": "20021201-01-P", "tags": [], "refsource": "SGI"}, {"url": "http://www.securityfocus.com/bid/6186", "name": "6186", "tags": [], "refsource": "BID"}, {"url": "http://lists.apple.com/archives/Security-announce/2002/Nov/msg00000.html", "name": "2002-11-21", "tags": [], "refsource": "APPLE"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Buffer overflows in the DNS stub resolver library in ISC BIND 4.9.2 through 4.9.10, and other derived libraries such as BSD libc and GNU glibc, allow remote attackers to execute arbitrary code via DNS server responses that trigger the overflow in the (1) getnetbyname, or (2) getnetbyaddr functions, aka \"LIBRESOLV: buffer overrun\" and a different vulnerability than CVE-2002-0684."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2002-0029", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": true, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2002-11-29T05:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:isc:bind:4.9.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:isc:bind:4.9.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:isc:bind:4.9.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:isc:bind:4.9.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:isc:bind:4.9.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:isc:bind:4.9.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:isc:bind:4.9.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:isc:bind:4.9.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:isc:bind:4.9.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:astaro:security_linux:2.0.23:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:astaro:security_linux:2.0.25:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:astaro:security_linux:2.0.26:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:astaro:security_linux:2.0.27:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:astaro:security_linux:2.0.30:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:astaro:security_linux:3.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:astaro:security_linux:3.2.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:astaro:security_linux:2.0.24:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:astaro:security_linux:3.2.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2008-09-10T19:11Z"}

7.5 /10