| Vulnerability Name: | CVE-2001-0012 (CCN-6018) |
| Assigned: | 2001-01-29 |
| Published: | 2001-01-29 |
| Updated: | 2008-09-10 |
| Summary: | BIND 4 and BIND 8 allow remote attackers to access sensitive information such as environment variables.
|
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)| Exploitability Metrics: | Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None | | Scope: | Scope (S): Unchanged
| | Impact Metrics: | Confidentiality (C): Low
Integrity (I): None
Availibility (A): None |
|
| CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)| Exploitability Metrics: | Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None | | Impact Metrics: | Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None |
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)| Exploitability Metrics: | Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
| | Impact Metrics: | Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None |
|
| Vulnerability Type: | CWE-Other
|
| Vulnerability Consequences: | Obtain Information |
| References: | Source: CCN
Type: FreeBSD Security Advisory FreeBSD-SA-01:18
BIND remotely exploitable buffer overflow
Source: CCN
Type: SGI Security Advisory 20010401-01-P
IRIX BIND Vulnerabilities
Source: CCN
Type: Caldera International, Inc. Security Advisory CSSA-2001-SCO.13
OpenServer: BIND buffer overflows
Source: CCN
Type: Caldera International, Inc. Security Advisory CSSA-2002-SCO.16
UnixWare 7.1.1 : Multiple Vulnerabilities in BIND
Source: CCN
Type: BugTraq Mailing List, Mon Jan 29 2001 - 08:12:23 CST
bind
Source: CCN
Type: IBM Emergency Response Service Security Vulnerability Alert ERS-SVA-E01-2001:002.1
4 Vulnerabilities in BIND4 and BIND8
Source: CCN
Type: NetBSD Security Advisory 2001-001
Multiple BIND vulnerabilities
Source: MITRE
Type: CNA
CVE-2001-0012
Source: CCN
Type: Conectiva Linux Announcement CLSA-2001:377
bind
Source: CCN
Type: Immunix OS Security Advisory IMNX-2001-70-001-01
bind
Source: CCN
Type: RHSA-2001-007
Updated bind packages available
Source: CCN
Type: TurboLinux Security Announcement TLSA2001004-1
[TL-Security-Announce] Bind-8.2.3-2 TLSA2001004-1
Source: CCN
Type: Sun Alert ID: 26965
Vulnerabilities in the Domain Name System (DNS) 'in.named' Process May Allow Remote Access to Superuser (root)
Source: CCN
Type: Sun Microsystems, Inc. Security Bulletin #00204
BIND
Source: CCN
Type: CERT Advisory CA-2001-02
Multiple Vulnerabilities in BIND
Source: CERT
Type: Patch, Third Party Advisory, US Government Resource
CA-2001-02
Source: CCN
Type: CERT Incident Note IN-2001-03
Exploitation of BIND Vulnerabilities
Source: CCN
Type: CIAC Information Bulletin L-030
Four Vulnerabilities in ISC BIND
Source: CCN
Type: CIAC Information Bulletin L-127
Sun BIND Vulnerabilities
Source: DEBIAN
Type: UNKNOWN
DSA-026
Source: DEBIAN
Type: DSA-026
bind -- buffer overflows and information leak
Source: CCN
Type: Internet Software Consortium (ISC) Web site
BIND Vulnerabilities
Source: CCN
Type: Internet Security Systems Security Alert #72
Remote Vulnerabilities in BIND versions 4 and 8
Source: CCN
Type: US-CERT VU#325431
Queries to ISC BIND servers may disclose environment variables
Source: NAI
Type: UNKNOWN
20010129 Vulnerabilities in BIND 4 and 8
Source: CCN
Type: OSVDB ID: 1751
ISC BIND Environment Variable Information Disclosure
Source: REDHAT
Type: UNKNOWN
RHSA-2001:007
Source: BID
Type: UNKNOWN
2321
Source: CCN
Type: BID-2321
ISC BIND Internal Memory Disclosure Vulnerability
Source: CCN
Type: Slackware Security Advisory-1121
multiple vulnerabilities in bind 8.x
Source: CCN
Type: MandrakeSoft Security Advisory MDKSA-2001:017
bind update
Source: XF
Type: UNKNOWN
bind-inverse-query-disclosure(6018)
|
| Vulnerable Configuration: | Configuration 1:
cpe:/a:isc:bind:4.9.3:*:*:*:-:*:*:*OR cpe:/a:isc:bind:4.9.5:*:*:*:-:*:*:*OR cpe:/a:isc:bind:4.9.5:p1:*:*:-:*:*:*OR cpe:/a:isc:bind:4.9.6:*:*:*:-:*:*:*OR cpe:/a:isc:bind:4.9.7:*:*:*:-:*:*:*OR cpe:/a:isc:bind:8.2:-:*:*:*:*:*:*OR cpe:/a:isc:bind:8.2.1:*:*:*:-:*:*:*OR cpe:/a:isc:bind:8.2.2:-:*:*:*:*:*:*OR cpe:/a:isc:bind:8.2.2:p1:*:*:-:*:*:*OR cpe:/a:isc:bind:8.2.2:p2:*:*:-:*:*:*OR cpe:/a:isc:bind:8.2.2:p3:*:*:-:*:*:*OR cpe:/a:isc:bind:8.2.2:p4:*:*:-:*:*:*OR cpe:/a:isc:bind:8.2.2:p5:*:*:-:*:*:*OR cpe:/a:isc:bind:8.2.2:p6:*:*:-:*:*:*OR cpe:/a:isc:bind:8.2.2:p7:*:*:-:*:*:*
Configuration CCN 1:
cpe:/a:isc:bind:8.2:-:*:*:*:*:*:*OR cpe:/a:isc:bind:8.2.1:*:*:*:-:*:*:*OR cpe:/a:isc:bind:4.9.5:*:*:*:-:*:*:*OR cpe:/a:isc:bind:4.9.5:p1:*:*:-:*:*:*OR cpe:/a:isc:bind:4.9.6:*:*:*:-:*:*:*OR cpe:/a:isc:bind:4.9.7:*:*:*:-:*:*:*OR cpe:/a:isc:bind:8.1.2:*:*:*:-:*:*:*OR cpe:/a:isc:bind:8.2.2:-:*:*:*:*:*:*OR cpe:/a:isc:bind:8.2.2:p1:*:*:-:*:*:*OR cpe:/a:isc:bind:8.2.2:p7:*:*:-:*:*:*OR cpe:/a:isc:bind:8.2.2:p5:*:*:-:*:*:*OR cpe:/a:isc:bind:8.2.2:p3:*:*:-:*:*:*OR cpe:/a:isc:bind:4.9.3:*:*:*:-:*:*:*OR cpe:/a:isc:bind:8.2.2:p6:*:*:-:*:*:*OR cpe:/a:isc:bind:8.2.2:p4:*:*:-:*:*:*OR cpe:/a:isc:bind:8.2.2:p2:*:*:-:*:*:*AND cpe:/o:freebsd:freebsd:*:*:*:*:*:*:*:*OR cpe:/o:sun:sunos:5.5.1:*:*:*:*:*:*:*OR cpe:/o:sun:sunos:5.6:*:*:*:*:*:*:*OR cpe:/o:turbolinux:turbolinux:*:*:*:*:*:*:*:*OR cpe:/o:slackware:slackware_linux:*:*:*:*:*:*:*:*OR cpe:/o:redhat:linux:5.2:*:*:*:*:*:*:*OR cpe:/o:sun:sunos:5.8:*:*:*:*:*:*:*OR cpe:/o:redhat:linux:6.2:*:*:*:*:*:*:*OR cpe:/o:debian:debian_linux:2.2:*:*:*:*:*:*:*OR cpe:/o:mandrakesoft:mandrake_linux:-:*:*:*:*:*:*:*OR cpe:/a:connectiva:linux:-:*:*:*:*:*:*:*OR cpe:/o:redhat:linux:7:*:*:*:*:*:*:*OR cpe:/o:trustix:secure_linux:-:*:*:*:*:*:*:*OR cpe:/o:redhat:linux:7.1:*:*:*:*:*:*:*OR cpe:/o:redhat:linux:7.2:*:*:*:*:*:*:*OR cpe:/o:sun:sunos:4.1.1:*:*:*:*:*:*:*OR cpe:/o:redhat:linux:7.3:*:*:*:*:*:*:*OR cpe:/o:sun:sunos:5.7:*:*:*:*:*:*:*
 Denotes that component is vulnerable |
| BACK |