Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-1221

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2002-1221
Last Modified 10 Sep 2008 03:14:04
Published 29 Nov 2002 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-1221

Summary

BIND 8.x through 8.3.3 allows remote attackers to cause a denial of service (crash) via SIG RR elements with invalid expiry times, which are removed from the internal BIND database and later cause a null dereference.

Vulnerable Systems

Operating System

  • Freebsd 4.4

  • Freebsd 4.5

  • Freebsd 4.6

  • Freebsd 4.7

  • Openbsd 3.0

  • Openbsd 3.1

  • Openbsd 3.2

Application

  • Isc Bind 8.1

  • Isc Bind 8.1.1

  • Isc Bind 8.1.2

  • Isc Bind 8.2

  • Isc Bind 8.2.1

  • Isc Bind 8.2.2

  • Isc Bind 8.2.3

  • Isc Bind 8.2.4

  • Isc Bind 8.2.5

  • Isc Bind 8.2.6

  • Isc Bind 8.3.0

  • Isc Bind 8.3.1

  • Isc Bind 8.3.2

  • Isc Bind 8.3.3


References

CERT-VN - VU#581682

CERT - CA-2002-31

CONFIRM - http://www.isc.org/products/BIND/bind-security.html

BUGTRAQ - 20021112 [Fwd: Notice of serious vulnerabilities in ISC BIND 4 & 8]

ISS - 20021112 Multiple Remote Vulnerabilities in BIND4 and BIND8

XF - bind-null-dereference-dos(10333)

BID - 6159

MANDRAKE - MDKSA-2002:077

DEBIAN - DSA-196

CIAC - N-013

BUGTRAQ - 20021115 [OpenPKG-SA-2002.011] OpenPKG Security Advisory (bind, bind8)

COMPAQ - SSRT2408

BUGTRAQ - 20021118 TSLSA-2002-0076 - bind

APPLE - 2002-11-21

CONECTIVA - CLA-2002:546


Last Updated: 27 May 2016 10:37:14