Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-2211

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2002-2211
Last Modified 07 Mar 2011 09:11:34
Published 31 Dec 2002 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-2211

Summary

BIND 4 and BIND 8, when resolving recursive DNS queries for arbitrary hosts, allows remote attackers to conduct DNS cache poisoning via a birthday attack that uses a large number of open queries for the same resource record (RR) combined with spoofed responses, which increases the possibility of successfully spoofing a response in a way that is more efficient than brute force methods.

Vulnerable Systems

Application

  • Isc Bind 4.9

  • Isc Bind 4.9.10

  • Isc Bind 4.9.2

  • Isc Bind 4.9.3

  • Isc Bind 4.9.4

  • Isc Bind 4.9.5

  • Isc Bind 4.9.6

  • Isc Bind 4.9.7

  • Isc Bind 4.9.8

  • Isc Bind 4.9.9

  • Isc Bind 8.2

  • Isc Bind 8.2.1

  • Isc Bind 8.2.2

  • Isc Bind 8.2.3

  • Isc Bind 8.2.4

  • Isc Bind 8.2.5

  • Isc Bind 8.2.6

  • Isc Bind 8.2.7

  • Isc Bind 8.3.0

  • Isc Bind 8.3.1

  • Isc Bind 8.3.2

  • Isc Bind 8.3.3

  • Isc Bind 8.3.4


References

CERT-VN - VU#457875

HP - SSRT2400

MISC - http://www.rnp.br/cais/alertas/2002/cais-ALR-19112002a.html

VUPEN - ADV-2006-1923

MISC - http://www.kb.cert.org/vuls/id/IAFY-5FZSLQ

MISC - http://www.kb.cert.org/vuls/id/IAFY-5FDT4U

MISC - http://www.kb.cert.org/vuls/id/IAFY-5FDPYP

MISC - http://www.imconf.net/imw-2002/imw2002-papers/198.pdf

SECUNIA - 20217

APPLE - 2002-11-21

HP - HPSBUX02117


Last Updated: 27 May 2016 10:38:10