Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-1146

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2002-1146
Last Modified 10 Sep 2008 03:13:57
Published 11 Oct 2002 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-1146

Summary

The BIND 4 and BIND 8.2.x stub resolver libraries, and other libraries such as glibc 2.2.5 and earlier, libc, and libresolv, use the maximum buffer size instead of the actual size when processing a DNS response, which causes the stub resolvers to read past the actual boundary ("read buffer overflow"), allowing remote attackers to cause a denial of service (crash).

Vulnerable Systems

Application

  • Gnu Glibc 2.2.5


References

CERT-VN - VU#738331

XF - dns-resolver-lib-read-bo(10295)

REDHAT - RHSA-2003:212

REDHAT - RHSA-2003:022

REDHAT - RHSA-2002:258

REDHAT - RHSA-2002:197

MANDRAKE - MDKSA-2004:009

CONECTIVA - CLA-2002:535

NETBSD - NetBSD-SA2002-015


Last Updated: 27 May 2016 10:37:12