Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-0029

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2002-0029
Last Modified 10 Sep 2008 03:11:05
Published 29 Nov 2002 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-0029

Summary

Buffer overflows in the DNS stub resolver library in ISC BIND 4.9.2 through 4.9.10, and other derived libraries such as BSD libc and GNU glibc, allow remote attackers to execute arbitrary code via DNS server responses that trigger the overflow in the (1) getnetbyname, or (2) getnetbyaddr functions, aka "LIBRESOLV: buffer overrun" and a different vulnerability than CVE-2002-0684.

Vulnerable Systems

Operating System

  • Astaro Security Linux 2.0.23

  • Astaro Security Linux 2.0.24

  • Astaro Security Linux 2.0.25

  • Astaro Security Linux 2.0.26

  • Astaro Security Linux 2.0.27

  • Astaro Security Linux 2.0.30

  • Astaro Security Linux 3.2.0

  • Astaro Security Linux 3.2.10

  • Astaro Security Linux 3.2.11

Application

  • Isc Bind 4.9.10

  • Isc Bind 4.9.2

  • Isc Bind 4.9.3

  • Isc Bind 4.9.4

  • Isc Bind 4.9.5

  • Isc Bind 4.9.6

  • Isc Bind 4.9.7

  • Isc Bind 4.9.8

  • Isc Bind 4.9.9


References

CERT - CA-2002-31

CERT-VN - VU#844360

CONFIRM - http://www.isc.org/products/BIND/bind-security.html

BID - 6186

XF - bind-dns-libresolv-bo(10624)

SGI - 20021201-01-P

NETBSD - NetBSD-SA2002-028

APPLE - 2002-11-21


Last Updated: 27 May 2016 10:36:44