Vulnerability Name:

CVE-2000-0887 (CCN-5540)

Assigned: 2000-11-07
Published: 2000-11-07
Updated: 2018-05-03
Summary: named in BIND 8.2 through 8.2.2-P6 allows remote attackers to cause a denial of service by making a compressed zone transfer (ZXFR) request and performing a name service query on an authoritative record that is not cached, aka the "zxfr bug."
CVSS v3 Severity: 4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Low
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
Vulnerability Type: CWE-Other
Vulnerability Consequences: Denial of Service
References:
Source: CCN
Type: FreeBSD Security Advisory FreeBSD-SA-01:10
bind

Source: CCN
Type: Caldera International, Inc. Security Advisory CSSA-2000-040.0
DoS attack against named

Source: CCN
Type: BugTraq Mailing List, Tue Nov 07 2000 - 06:40:49 CST
BIND 8.2.2-P5 Possible DOS

Source: CCN
Type: Conectiva Linux Announcement CLSA-2000:339
bind: Previous bind package for CL5.1 removes named user

Source: BUGTRAQ
Type: UNKNOWN
20001115 Trustix Security Advisory - bind and openssh (and modutils)

Source: CCN
Type: BugTraq Mailing List, Wed Nov 15 2000 - 10:53:47 CST
Trustix Security Advisory - bind and openssh (and modutils)

Source: CCN
Type: IBM Emergency Response Service Security Vulnerability Alert ERS-SVA-E01-2000:005.1
Two DoS Vulnerabilities in BIND

Source: SUSE
Type: UNKNOWN
SuSE-SA:2000:45

Source: MITRE
Type: CNA
CVE-2000-0887

Source: CONECTIVA
Type: UNKNOWN
CLSA-2000:338

Source: CONECTIVA
Type: Patch, Vendor Advisory
CLSA-2000:339

Source: MANDRAKE
Type: UNKNOWN
MDKSA-2000:067

Source: CCN
Type: RHSA-2000:107-02
Updated bind packages fixing DoS attack available

Source: CCN
Type: Sun Alert ID: 26965
Vulnerabilities in the Domain Name System (DNS) 'in.named' Process May Allow Remote Access to Superuser (root)

Source: CCN
Type: CERT Advisory CA-2000-20
Multiple Denial-of-Service Problems in ISC BIND

Source: CERT
Type: US Government Resource
CA-2000-20

Source: CCN
Type: CIAC Information Bulletin L-019
ISC BIND Vulnerabilities

Source: CCN
Type: CIAC Information Bulletin L-021
IBM AIX: Locale and BIND fixes

Source: DEBIAN
Type: UNKNOWN
20001112 bind: remote Denial of Service

Source: DEBIAN
Type: Debian Security Advisory 20001112
bind: remote Denial of Service

Source: CCN
Type: Internet Software Consortium (ISC) Web site
ISC BIND

Source: CCN
Type: US-CERT VU#715973
ISC BIND 8.2.2-P6 vulnerable to DoS via compressed zone transfer, aka the zxfr bug

Source: CCN
Type: OSVDB ID: 448
ISC BIND Compressed ZXFR Name Service Query DoS

Source: REDHAT
Type: UNKNOWN
RHSA-2000:107

Source: BUGTRAQ
Type: UNKNOWN
20001107 BIND 8.2.2-P5 Possible DOS

Source: BID
Type: Exploit, Patch, Vendor Advisory
1923

Source: CCN
Type: BID-1923
Multiple Vendor BIND 8.2.2-P5 Denial of Service Vulnerability

Source: CCN
Type: SuSE Security Announcement SuSE-SA:2000:045
bind8

Source: CCN
Type: MandrakeSoft Security Advisory MDKSA-2000:067
bind

Source: XF
Type: UNKNOWN
bind-zxfr-dos(5540)

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:isc:bind:8.2.2:p5:*:*:-:*:*:*

Configuration CCN 1:
  • cpe:/a:isc:bind:8.2.2:p5:*:*:-:*:*:*
  • AND
  • cpe:/o:sun:sunos:5.5.1:*:*:*:*:*:*:*
  • OR cpe:/o:sun:sunos:5.6:*:*:*:*:*:*:*
  • OR cpe:/o:sun:sunos:5.8:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:sun:sunos:4.1.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.3:*:*:*:*:*:*:*
  • OR cpe:/o:sun:sunos:5.7:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    isc bind 8.2.2 p5
    isc bind 8.2.2 p5
    sun solaris 2.5.1
    sun solaris 2.6
    sun solaris 8
    redhat linux 7
    redhat linux 7.1
    redhat linux 7.2
    sun solaris 1.0
    redhat linux 7.3
    sun solaris 7.0