Vulnerability Name:
CVE-1999-0024 (CCN-485)
Assigned:
1997-08-01
Published:
1997-08-01
Updated:
2022-08-17
Summary:
DNS cache poisoning via BIND, by predictable query IDs.
CVSS v3 Severity:
5.3 Medium
(CCN CVSS v3.1 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
)
Exploitability Metrics:
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope:
Scope (S):
Unchanged
Impact Metrics:
Confidentiality (C):
None
Integrity (I):
Low
Availibility (A):
None
CVSS v2 Severity:
5.0 Medium
(CVSS v2 Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:N
)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Low
Authentication (Au):
None
Impact Metrics:
Confidentiality (C):
None
Integrity (I):
Partial
Availibility (A):
None
5.0 Medium
(CCN CVSS v2 Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:N
)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Low
Athentication (Au):
None
Impact Metrics:
Confidentiality (C):
None
Integrity (I):
Partial
Availibility (A):
None
Vulnerability Type:
CWE-Other
Vulnerability Consequences:
File Manipulation
References:
Source: CCN
Type: COAST Security FTP Archive
Addressing Weaknesses in the Domain Name System
Source: CCN
Type: Caldera International, Inc. Security Advisory SA-1997.05
Vulnerability in bind
Source: CCN
Type: Secure Network Operations Security Advisory SNI-12
BIND Vulnerabilities and Solutions
Source: MITRE
Type: CNA
CVE-1999-0024
Source: CCN
Type: CERT Advisory CA-1997-22
BIND - the Berkeley Internet Name Daemon
Source: CCN
Type: OSVDB ID: 438
ISC BIND Predictable Query ID DNS Cache Poisoning
Source: CCN
Type: BID-136
Multiple Vendor DNS Cache Corruption Vulnerability
Source: CCN
Type: BID-678
Multiple Vendor BIND Cache Poisoning Vulnerability
Source: XF
Type: UNKNOWN
bind(485)
Source: MISC
Type: UNKNOWN
https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0024
Vulnerable Configuration:
Configuration 1
:
cpe:/a:isc:bind:8.1:*:*:*:-:*:*:*
OR
cpe:/a:isc:bind:4.9.5:*:*:*:-:*:*:*
Configuration 2
:
cpe:/o:sco:openserver:5.0:*:*:*:*:*:*:*
OR
cpe:/o:sco:open_desktop:3.0:*:*:*:*:*:*:*
OR
cpe:/o:sun:sunos:5.3:*:*:*:*:*:*:*
OR
cpe:/o:nec:ews-ux_v:4.2mp:*:*:*:*:*:*:*
OR
cpe:/o:sun:solaris:2.4:*:x86:*:*:*:*:*
OR
cpe:/o:sun:solaris:2.5.1:*:x86:*:*:*:*:*
OR
cpe:/o:sun:solaris:2.5:*:x86:*:*:*:*:*
OR
cpe:/o:ibm:aix:4.2:*:*:*:*:*:*:*
OR
cpe:/o:nec:asl_ux_4800:64:*:*:*:*:*:*:*
OR
cpe:/o:sun:sunos:5.5:*:*:*:*:*:*:*
OR
cpe:/o:bsdi:bsd_os:3.0:*:*:*:*:*:*:*
OR
cpe:/o:nec:ews-ux_v:4.2:*:*:*:*:*:*:*
OR
cpe:/o:sco:unixware:2.1:*:*:*:*:*:*:*
OR
cpe:/o:bsdi:bsd_os:2.1:*:*:*:*:*:*:*
OR
cpe:/o:sco:unix:3.2v4:*:*:*:*:*:*:*
OR
cpe:/o:nec:up-ux_v:4.2mp:*:*:*:*:*:*:*
OR
cpe:/o:sun:sunos:-:*:*:*:*:*:*:*
OR
cpe:/o:sun:sunos:5.4:*:*:*:*:*:*:*
OR
cpe:/o:sun:sunos:5.6:*:*:*:*:*:*:*
OR
cpe:/o:ibm:aix:4.1:*:*:*:*:*:*:*
OR
cpe:/o:sun:sunos:5.5.1:*:*:*:*:*:*:*
Configuration CCN 1
:
cpe:/a:isc:bind:*:*:*:*:*:*:*:*
AND
cpe:/o:ibm:aix:*:*:*:*:*:*:*:*
OR
cpe:/o:windriver:bsdos:*:*:*:*:*:*:*:*
OR
cpe:/o:hp:hp-ux:*:*:*:*:*:*:*:*
OR
cpe:/o:sgi:irix:*:*:*:*:*:*:*:*
OR
cpe:/o:linux:linux_kernel:*:*:*:*:*:*:*:*
OR
cpe:/o:sun:solaris:*:*:*:*:*:*:*:*
OR
cpe:/a:data_general:dg_ux:*:*:*:*:*:*:*:*
OR
cpe:/o:sco:unix:*:*:*:*:*:*:*:*
OR
cpe:/o:compaq:tru64:*:*:*:*:*:*:*:*
OR
cpe:/o:caldera:openlinux:1.0:*:*:*:*:*:*:*
OR
cpe:/o:caldera:openlinux:1.1:*:*:*:*:*:*:*
Denotes that component is vulnerable
BACK
isc
bind 8.1
isc
bind 4.9.5
sco
openserver 5.0
sco
open desktop 3.0
sun
sunos 5.3
nec
ews-ux v 4.2mp
sun
solaris 2.4
sun
solaris 2.5.1
sun
solaris 2.5
ibm
aix 4.2
nec
asl ux 4800 64
sun
sunos 5.5
bsdi
bsd os 3.0
nec
ews-ux v 4.2
sco
unixware 2.1
bsdi
bsd os 2.1
sco
unix 3.2v4
nec
up-ux v 4.2mp
sun
sunos -
sun
sunos 5.4
sun
solaris 2.6
ibm
aix 4.1
sun
sunos 5.5.1
isc
bind *
ibm
aix *
windriver
bsdos *
hp
hp-ux *
sgi
irix *
linux
linux kernel *
sun
solaris *
data_general
dg ux *
sco
unix *
compaq
tru64 *
caldera
openlinux 1.0
caldera
openlinux 1.1
Denotes that component is vulnerable