Vulnerability Name:

CVE-2000-0888 (CCN-5814)

Summary:named in BIND 8.2 through 8.2.2-P6 allows remote attackers to cause a denial of service by sending an SRV record to the server, aka the "srv bug."
CVSS v3 Severity:4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-noinfo
Vulnerability Consequences:Denial of Service
References:Source: CCN
Type: Caldera International, Inc. Security Advisory CSSA-2000-040.0
DoS attack against named

Source: CCN
Type: Conectiva Linux Announcement CLSA-2000:339
bind: Previous bind package for CL5.1 removes named user

Source: CCN
Type: IBM Emergency Response Service Security Vulnerability Alert ERS-SVA-E01-2000:005.1
Two DoS Vulnerabilities in BIND

Source: SUSE
Type: Broken Link

Source: MITRE
Type: CNA

Type: Broken Link

Type: Broken Link

Type: Broken Link

Source: CCN
Type: Hewlett-Packard Company Security Bulletin HPSBUX0102-144
Sec. Vulnerability in BIND

Source: CCN
Type: RHSA-2000:107-02
Updated bind packages fixing DoS attack available

Source: CCN
Type: Sun Alert ID: 26965
Vulnerabilities in the Domain Name System (DNS) 'in.named' Process May Allow Remote Access to Superuser (root)

Source: CCN
Type: IBM Technical Support Web site
AIX General Software Fixes

Source: CCN
Type: CERT Advisory CA-2000-20
Multiple Denial-of-Service Problems in ISC BIND

Source: CERT
Type: Third Party Advisory, US Government Resource

Source: CCN
Type: CIAC Information Bulletin L-019
ISC BIND Vulnerabilities

Source: CCN
Type: CIAC Information Bulletin L-021
IBM AIX: Locale and BIND fixes

Source: DEBIAN
Type: Third Party Advisory
20001112 bind: remote Denial of Service

Source: DEBIAN
Type: Debian Security Advisory 20001112
bind: remote Denial of Service

Source: CCN
Type: Immunix OS Security Advisory IMNX-2000-70-005-01

Source: CCN
Type: Internet Software Consortium (ISC) Web site

Source: CCN
Type: US-CERT VU#198355
ISC BIND 8.2.2-P6 vulnerable to DoS when processing SRV records, aka the srv bug

Source: CCN
Type: OSVDB ID: 5828
ISC BIND named SRV Remote DoS

Source: REDHAT
Type: Third Party Advisory

Source: CCN
Type: SuSE Security Announcement SuSE-SA:2000:045

Source: CCN
Type: MandrakeSoft Security Advisory MDKSA-2000:067

Source: XF
Type: Third Party Advisory, VDB Entry

Source: XF

Vulnerable Configuration:Configuration 1:
  • cpe:/a:isc:bind:8.2:-:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:8.2:p1:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:8.2.1:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:8.2.2:-:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:8.2.2:p1:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:8.2.2:p2:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:8.2.2:p3:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:8.2.2:p4:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:8.2.2:p5:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:8.2.2:p6:*:*:-:*:*:*

  • Configuration 2:
  • cpe:/o:debian:debian_linux:2.2:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/o:sun:sunos:5.5.1:*:*:*:*:*:*:*
  • OR cpe:/o:sun:sunos:5.6:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:5.2:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:6.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:6.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:6.2:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:6.4:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:2.2:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:7.0:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:6.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:7.1:*:*:*:*:*:*:*
  • OR cpe:/a:connectiva:linux:-:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:6.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:sun:sunos:4.1.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.3:*:*:*:*:*:*:*
  • AND
  • cpe:/a:isc:bind:*:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:aix:4.2.1:*:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:*:*:*:*:*:*:*:*
  • OR cpe:/o:netbsd:netbsd:1.3.3:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:aix:4.3:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:aix:4.3.2:*:*:*:*:*:*:*
  • OR cpe:/o:sun:sunos:5.8:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:aix:4.3.3:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:aix:4.3.1:*:*:*:*:*:*:*
  • OR cpe:/o:sun:sunos:5.7:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:aix:4.2.0:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:aix:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    isc bind 8.2 -
    isc bind 8.2 p1
    isc bind 8.2.1
    isc bind 8.2.2 -
    isc bind 8.2.2 p1
    isc bind 8.2.2 p2
    isc bind 8.2.2 p3
    isc bind 8.2.2 p4
    isc bind 8.2.2 p5
    isc bind 8.2.2 p6
    debian debian linux 2.2
    sun solaris 2.5.1
    sun solaris 2.6
    redhat linux 5.2
    redhat linux 6.0
    redhat linux 6.1
    redhat linux 6.2
    suse suse linux 6.4
    debian debian linux 2.2
    mandrakesoft mandrake linux 7.0
    suse suse linux 6.1
    mandrakesoft mandrake linux 7.1
    connectiva linux -
    mandrakesoft mandrake linux 6.1
    redhat linux 7
    mandrakesoft mandrake linux 7.2
    redhat linux 7.1
    redhat linux 7.2
    sun solaris 1.0
    redhat linux 7.3
    isc bind *
    ibm aix 4.2.1
    freebsd freebsd *
    netbsd netbsd 1.3.3
    ibm aix 4.3
    ibm aix 4.3.2
    sun solaris 8
    ibm aix 4.3.3
    ibm aix 4.3.1
    sun solaris 7.0
    ibm aix 4.2.0
    ibm aix