Vulnerability Name:

CVE-1999-0011 (CCN-2346)

Assigned:1998-04-08
Published:1998-04-08
Updated:2018-10-30
Summary:Denial of Service vulnerabilities in BIND 4.9 and BIND 8 Releases via CNAME record and zone transfer.
CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Denial of Service
References:Source: CCN
Type: SGI Security Advisory 19980603-01-PX
IRIX BIND DNS Vulnerabilities

Source: SGI
Type: UNKNOWN
19980603-01-PX

Source: MITRE
Type: CNA
CVE-1999-0011

Source: SUN
Type: UNKNOWN
00180

Source: CCN
Type: Sun Microsystems, Inc. Security Bulletin #00180
BIND

Source: CCN
Type: Hewlett-Packard Company Security Bulletin HPSBUX9808-083
Security Vulnerability in BIND on HP-UX

Source: CCN
Type: CERT Advisory CA-1998-05
Multiple Vulnerabilities in BIND

Source: CCN
Type: CIAC Information Bulletin I-062
SGI IRIX BIND DNS named(1M) Vulnerability

Source: CCN
Type: OSVDB ID: 9734
ISC BIND CNAME Record Zone Transfer DoS

Source: HP
Type: UNKNOWN
HPSBUX9808-083

Source: XF
Type: UNKNOWN
bind-axfr-dos(2346)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:data_general:dg_ux:y2k_patchr4.11mu05:*:*:*:*:*:*:*
  • OR cpe:/a:data_general:dg_ux:y2k_patchr4.12mu03:*:*:*:*:*:*:*
  • OR cpe:/a:data_general:dg_ux:y2k_patchr4.20mu01:*:*:*:*:*:*:*
  • OR cpe:/a:data_general:dg_ux:y2k_patchr4.20mu02:*:*:*:*:*:*:*
  • OR cpe:/a:data_general:dg_ux:y2k_patchr4.20mu03:*:*:*:*:*:*:*
  • OR cpe:/a:isc:bind:4.9:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:8:*:*:*:-:*:*:*

  • Configuration 2:
  • cpe:/o:ibm:aix:4.1:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:aix:4.2:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:aix:4.3:*:*:*:*:*:*:*
  • OR cpe:/o:nec:asl_ux_4800:11:*:*:*:*:*:*:*
  • OR cpe:/o:nec:asl_ux_4800:13:*:*:*:*:*:*:*
  • OR cpe:/o:netbsd:netbsd:1.3:*:*:*:*:*:*:*
  • OR cpe:/o:netbsd:netbsd:1.3.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:4.2:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:5.0:*:*:*:*:*:*:*
  • OR cpe:/o:sco:open_desktop:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:sco:openserver:5.0:*:*:*:*:*:*:*
  • OR cpe:/o:sco:unix:3.2v4:*:*:*:*:*:*:*
  • OR cpe:/o:sco:unixware:2.1:*:*:*:*:*:*:*
  • OR cpe:/o:sco:unixware:7.0:*:*:*:*:*:*:*
  • OR cpe:/o:sun:sunos:5.3:*:*:*:*:*:*:*
  • OR cpe:/o:sun:sunos:5.4:*:*:*:*:*:*:*
  • OR cpe:/o:sun:sunos:5.5:*:*:*:*:*:*:*
  • OR cpe:/o:sun:sunos:5.5.1:*:*:*:*:*:*:*
  • OR cpe:/o:sun:sunos:5.6:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:isc:bind:*:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:5966
    V
    Security vulnerability in the BIND executable
    2008-12-08
    BACK
    data_general dg ux y2k_patchr4.11mu05
    data_general dg ux y2k_patchr4.12mu03
    data_general dg ux y2k_patchr4.20mu01
    data_general dg ux y2k_patchr4.20mu02
    data_general dg ux y2k_patchr4.20mu03
    isc bind 4.9
    isc bind 8
    ibm aix 4.1
    ibm aix 4.2
    ibm aix 4.3
    nec asl ux 4800 11
    nec asl ux 4800 13
    netbsd netbsd 1.3
    netbsd netbsd 1.3.1
    redhat linux 4.2
    redhat linux 5.0
    sco open desktop 3.0
    sco openserver 5.0
    sco unix 3.2v4
    sco unixware 2.1
    sco unixware 7.0
    sun sunos 5.3
    sun sunos 5.4
    sun sunos 5.5
    sun sunos 5.5.1
    sun sunos 5.6
    isc bind *