Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-1220

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2002-1220
Last Modified 10 Sep 2008 03:14:04
Published 29 Nov 2002 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-1220

Summary

BIND 8.3.x through 8.3.3 allows remote attackers to cause a denial of service (termination due to assertion failure) via a request for a subdomain that does not exist, with an OPT resource record with a large UDP payload size.

Vulnerable Systems

Operating System

  • Freebsd 4.4

  • Freebsd 4.5

  • Freebsd 4.6

  • Freebsd 4.7

  • Openbsd 3.0

  • Openbsd 3.1

  • Openbsd 3.2

Application

  • Isc Bind 8.3.0

  • Isc Bind 8.3.1

  • Isc Bind 8.3.2

  • Isc Bind 8.3.3


References

CERT-VN - VU#229595

CERT - CA-2002-31

CONFIRM - http://www.isc.org/products/BIND/bind-security.html

BUGTRAQ - 20021112 [Fwd: Notice of serious vulnerabilities in ISC BIND 4 & 8]

ISS - 20021112 Multiple Remote Vulnerabilities in BIND4 and BIND8

XF - bind-opt-rr-dos(10332)

BID - 6161

MANDRAKE - MDKSA-2002:077

DEBIAN - DSA-196

CIAC - N-013

BUGTRAQ - 20021115 [OpenPKG-SA-2002.011] OpenPKG Security Advisory (bind, bind8)

COMPAQ - SSRT2408

BUGTRAQ - 20021118 TSLSA-2002-0076 - bind

APPLE - 2002-11-21


Last Updated: 27 May 2016 10:37:14