Vulnerability Name:

CVE-2001-0010 (CCN-6015)

Assigned:2001-01-29
Published:2001-01-29
Updated:2008-09-10
Summary:Buffer overflow in transaction signature (TSIG) handling code in BIND 8 allows remote attackers to gain root privileges.
CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
7.8 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
7.8 High (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: FreeBSD Security Advisory FreeBSD-SA-01:18
BIND remotely exploitable buffer overflow

Source: CCN
Type: Caldera International, Inc. Security Advisory CSSA-2001-008.1
BIND buffer overflow

Source: CCN
Type: SGI Security Advisory 20010401-01-P
IRIX BIND Vulnerabilities

Source: CCN
Type: Caldera International, Inc. Security Advisory CSSA-2001-SCO.13
OpenServer: BIND buffer overflows

Source: CCN
Type: Caldera International, Inc. Security Advisory CSSA-2002-SCO.16
UnixWare 7.1.1 : Multiple Vulnerabilities in BIND

Source: CCN
Type: IBM Emergency Response Service Security Vulnerability Alert ERS-SVA-E01-2001:002.1
4 Vulnerabilities in BIND4 and BIND8

Source: CCN
Type: Immunix OS Security Advisory IMNX-2001-70-001-01
bind

Source: CCN
Type: NetBSD Security Advisory 2001-001
Multiple BIND vulnerabilities

Source: MITRE
Type: CNA
CVE-2001-0010

Source: CCN
Type: Conectiva Linux Announcement CLSA-2001:377
bind

Source: CCN
Type: Network Associates, Inc. COVERT Labs Security Advisory COVERT-2001-01, January 29, 2001
Vulnerabilities in BIND 4 and 8

Source: CCN
Type: RHSA-2001-007
Updated bind packages available

Source: CCN
Type: TurboLinux Security Announcement TLSA2001004-1
[TL-Security-Announce] Bind-8.2.3-2 TLSA2001004-1

Source: CCN
Type: Sun Alert ID: 26965
Vulnerabilities in the Domain Name System (DNS) 'in.named' Process May Allow Remote Access to Superuser (root)

Source: CCN
Type: Sun Microsystems, Inc. Security Bulletin #00204
BIND

Source: CCN
Type: CERT Advisory CA-2001-02
Multiple Vulnerabilities in BIND

Source: CERT
Type: Patch, Third Party Advisory, US Government Resource
CA-2001-02

Source: CCN
Type: CIAC Information Bulletin L-030
Four Vulnerabilities in ISC BIND

Source: CCN
Type: CIAC Information Bulletin L-127
Sun BIND Vulnerabilities

Source: DEBIAN
Type: UNKNOWN
DSA-026

Source: DEBIAN
Type: DSA-026
bind -- buffer overflows and information leak

Source: CCN
Type: Internet Software Consortium (ISC) Web site
BIND Vulnerabilities

Source: CCN
Type: Internet Security Systems Security Alert #72
Remote Vulnerabilities in BIND versions 4 and 8

Source: CCN
Type: US-CERT VU#196945
ISC BIND 8 contains buffer overflow in transaction signature (TSIG) handling code

Source: NAI
Type: UNKNOWN
20010129 Vulnerabilities in BIND 4 and 8

Source: CCN
Type: OSVDB ID: 14795
ISC BIND TSIG Handling Code Remote Overflow

Source: REDHAT
Type: UNKNOWN
RHSA-2001:007

Source: BID
Type: Patch, Vendor Advisory
2302

Source: CCN
Type: BID-2302
ISC Bind 8 Transaction Signatures Buffer Overflow Vulnerability

Source: CCN
Type: Slackware Security Advisory-1121
multiple vulnerabilities in bind 8.x

Source: CCN
Type: SuSE Security Announcement SuSE-SA:2001:003
bind8

Source: CCN
Type: MandrakeSoft Security Advisory MDKSA-2001:017
bind update

Source: XF
Type: UNKNOWN
bind-tsig-bo(6015)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:isc:bind:8.2:-:*:*:*:*:*:*
  • OR cpe:/a:isc:bind:8.2.1:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:8.2.2:-:*:*:*:*:*:*
  • OR cpe:/a:isc:bind:8.2.2:p1:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:8.2.2:p2:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:8.2.2:p3:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:8.2.2:p4:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:8.2.2:p5:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:8.2.2:p6:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:8.2.2:p7:*:*:-:*:*:*

    • Configuration CCN 1:
  • cpe:/a:isc:bind:8.2:-:*:*:*:*:*:*
  • AND
  • cpe:/o:freebsd:freebsd:*:*:*:*:*:*:*:*
  • OR cpe:/o:sun:sunos:5.5.1:*:*:*:*:*:*:*
  • OR cpe:/o:sun:sunos:5.6:*:*:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:*:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:slackware:slackware_linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:5.2:*:*:*:*:*:*:*
  • OR cpe:/o:sun:sunos:5.8:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:6.2:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:2.2:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:-:*:*:*:*:*:*:*
  • OR cpe:/a:connectiva:linux:-:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:sun:sunos:4.1.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.3:*:*:*:*:*:*:*
  • OR cpe:/o:sun:sunos:5.7:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    isc bind 8.2
    isc bind 8.2.1
    isc bind 8.2.2
    isc bind 8.2.2 p1
    isc bind 8.2.2 p2
    isc bind 8.2.2 p3
    isc bind 8.2.2 p4
    isc bind 8.2.2 p5
    isc bind 8.2.2 p6
    isc bind 8.2.2 p7
    isc bind 8.2
    freebsd freebsd *
    sun solaris 2.5.1
    sun solaris 2.6
    turbolinux turbolinux *
    suse suse linux *
    slackware slackware linux *
    redhat linux 5.2
    sun solaris 8
    redhat linux 6.2
    debian debian linux 2.2
    mandrakesoft mandrake linux -
    connectiva linux -
    redhat linux 7
    redhat linux 7.1
    redhat linux 7.2
    sun solaris 1.0
    redhat linux 7.3
    sun solaris 7.0