Vulnerability Name:

CVE-2001-0011 (CCN-6016)

Assigned:2001-01-29
Published:2001-01-29
Updated:2008-09-10
Summary:Buffer overflow in nslookupComplain function in BIND 4 allows remote attackers to gain root privileges.
CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
7.4 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
7.4 High (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Denial of Service
References:Source: CCN
Type: SGI Security Advisory 20010401-01-P
IRIX BIND Vulnerabilities

Source: CCN
Type: Caldera International, Inc. Security Advisory CSSA-2001-SCO.13
OpenServer: BIND buffer overflows

Source: CCN
Type: Caldera International, Inc. Security Advisory CSSA-2002-SCO.16
UnixWare 7.1.1 : Multiple Vulnerabilities in BIND

Source: CCN
Type: IBM Emergency Response Service Security Vulnerability Alert ERS-SVA-E01-2001:002.1
4 Vulnerabilities in BIND4 and BIND8

Source: CCN
Type: Immunix OS Security Advisory IMNX-2001-70-001-01
bind

Source: CCN
Type: NetBSD Security Advisory 2001-001
Multiple BIND vulnerabilities

Source: MITRE
Type: CNA
CVE-2001-0011

Source: CCN
Type: Network Associates, Inc. COVERT Labs Security Advisory COVERT-2001-01, January 29, 2001
Vulnerabilities in BIND 4 and 8

Source: CCN
Type: RHSA-2001-007
Updated bind packages available

Source: CCN
Type: Sun Alert ID: 26965
Vulnerabilities in the Domain Name System (DNS) 'in.named' Process May Allow Remote Access to Superuser (root)

Source: CCN
Type: CERT Advisory CA-2001-02
Multiple Vulnerabilities in BIND

Source: CERT
Type: Patch, Third Party Advisory, US Government Resource
CA-2001-02

Source: CCN
Type: CERT Incident Note IN-2001-03
Exploitation of BIND Vulnerabilities

Source: CCN
Type: CIAC Information Bulletin L-030
Four Vulnerabilities in ISC BIND

Source: CCN
Type: CIAC Information Bulletin L-127
Sun BIND Vulnerabilities

Source: CCN
Type: Rob Thomas's Web site
Secure BIND Template Version 2.1

Source: CCN
Type: Internet Software Consortium (ISC) Web site
BIND Vulnerabilities

Source: CCN
Type: Internet Security Systems Security Alert #72
Remote Vulnerabilities in BIND versions 4 and 8

Source: CCN
Type: US-CERT VU#572183
ISC BIND 4 contains buffer overflow in nslookupComplain()

Source: NAI
Type: UNKNOWN
20010129 Vulnerabilities in BIND 4 and 8

Source: CCN
Type: OSVDB ID: 1746
ISC BIND 4 nslookupComplain() Remote Overflow

Source: REDHAT
Type: UNKNOWN
RHSA-2001:007

Source: BID
Type: UNKNOWN
2307

Source: CCN
Type: BID-2307
ISC Bind 4 nslookupComplain() Buffer Overflow Vulnerability

Source: XF
Type: UNKNOWN
bind-complain-bo(6016)

Source: CCN
Type: Sun Microsystems, Inc. Security Bulletin #00204
BIND

Vulnerable Configuration:Configuration 1:
  • cpe:/a:isc:bind:4.9.3:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:4.9.5:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:4.9.5:p1:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:4.9.6:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:4.9.7:*:*:*:-:*:*:*

    • Configuration CCN 1:
  • cpe:/a:isc:bind:4.9.5:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:4.9.5:p1:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:4.9.6:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:4.9.7:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:4.9.3:*:*:*:-:*:*:*
  • AND
  • cpe:/o:sun:sunos:5.5.1:*:*:*:*:*:*:*
  • OR cpe:/o:sun:sunos:5.6:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:6.2:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7:*:*:*:*:*:*:*
  • OR cpe:/o:sun:sunos:4.1.1:*:*:*:*:*:*:*
  • OR cpe:/o:sun:sunos:5.9:*:*:*:*:*:*:*
  • OR cpe:/o:sun:sunos:5.7:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    isc bind 4.9.3
    isc bind 4.9.5
    isc bind 4.9.5 p1
    isc bind 4.9.6
    isc bind 4.9.7
    isc bind 4.9.5
    isc bind 4.9.5 p1
    isc bind 4.9.6
    isc bind 4.9.7
    isc bind 4.9.3
    sun solaris 2.5.1
    sun solaris 2.6
    redhat linux 6.2
    redhat linux 7
    sun solaris 1.0
    sun solaris 9
    sun solaris 7.0