Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-2212

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2002-2212
Last Modified 05 Sep 2008 04:32:37
Published 31 Dec 2002 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-2212

Summary

The DNS resolver in unspecified versions of Fujitsu UXP/V, when resolving recursive DNS queries for arbitrary hosts, allows remote attackers to conduct DNS cache poisoning via a birthday attack that uses a large number of open queries for the same resource record (RR) combined with spoofed responses, which increases the possibility of successfully spoofing a response in a way that is more efficient than brute force methods.

Vulnerable Systems

Application

  • Isc Bind 4.9

  • Isc Bind 4.9.10

  • Isc Bind 4.9.2

  • Isc Bind 4.9.3

  • Isc Bind 4.9.4

  • Isc Bind 4.9.5

  • Isc Bind 4.9.6

  • Isc Bind 4.9.7

  • Isc Bind 4.9.8

  • Isc Bind 4.9.9

  • Isc Bind 8.2

  • Isc Bind 8.2.1

  • Isc Bind 8.2.2

  • Isc Bind 8.2.3

  • Isc Bind 8.2.4

  • Isc Bind 8.2.5

  • Isc Bind 8.2.6

  • Isc Bind 8.2.7

  • Isc Bind 8.3.0

  • Isc Bind 8.3.1

  • Isc Bind 8.3.2

  • Isc Bind 8.3.3

  • Isc Bind 8.3.4


References

CERT-VN - VU#457875

MISC - http://www.rnp.br/cais/alertas/2002/cais-ALR-19112002a.html

CONFIRM - http://www.kb.cert.org/vuls/id/IAFY-5FDT5K

MISC - http://www.imconf.net/imw-2002/imw2002-papers/198.pdf


Last Updated: 27 May 2016 10:37:39