Vulnerability Name:

CVE-2001-0012 (CCN-6018)

Assigned:2001-01-29
Published:2001-01-29
Updated:2008-09-10
Summary:BIND 4 and BIND 8 allow remote attackers to access sensitive information such as environment variables.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): None
Availibility (A): None
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
Vulnerability Type:CWE-Other
Vulnerability Consequences:Obtain Information
References:Source: CCN
Type: FreeBSD Security Advisory FreeBSD-SA-01:18
BIND remotely exploitable buffer overflow

Source: CCN
Type: SGI Security Advisory 20010401-01-P
IRIX BIND Vulnerabilities

Source: CCN
Type: Caldera International, Inc. Security Advisory CSSA-2001-SCO.13
OpenServer: BIND buffer overflows

Source: CCN
Type: Caldera International, Inc. Security Advisory CSSA-2002-SCO.16
UnixWare 7.1.1 : Multiple Vulnerabilities in BIND

Source: CCN
Type: BugTraq Mailing List, Mon Jan 29 2001 - 08:12:23 CST
bind

Source: CCN
Type: IBM Emergency Response Service Security Vulnerability Alert ERS-SVA-E01-2001:002.1
4 Vulnerabilities in BIND4 and BIND8

Source: CCN
Type: NetBSD Security Advisory 2001-001
Multiple BIND vulnerabilities

Source: MITRE
Type: CNA
CVE-2001-0012

Source: CCN
Type: Conectiva Linux Announcement CLSA-2001:377
bind

Source: CCN
Type: Immunix OS Security Advisory IMNX-2001-70-001-01
bind

Source: CCN
Type: RHSA-2001-007
Updated bind packages available

Source: CCN
Type: TurboLinux Security Announcement TLSA2001004-1
[TL-Security-Announce] Bind-8.2.3-2 TLSA2001004-1

Source: CCN
Type: Sun Alert ID: 26965
Vulnerabilities in the Domain Name System (DNS) 'in.named' Process May Allow Remote Access to Superuser (root)

Source: CCN
Type: Sun Microsystems, Inc. Security Bulletin #00204
BIND

Source: CCN
Type: CERT Advisory CA-2001-02
Multiple Vulnerabilities in BIND

Source: CERT
Type: Patch, Third Party Advisory, US Government Resource
CA-2001-02

Source: CCN
Type: CERT Incident Note IN-2001-03
Exploitation of BIND Vulnerabilities

Source: CCN
Type: CIAC Information Bulletin L-030
Four Vulnerabilities in ISC BIND

Source: CCN
Type: CIAC Information Bulletin L-127
Sun BIND Vulnerabilities

Source: DEBIAN
Type: UNKNOWN
DSA-026

Source: DEBIAN
Type: DSA-026
bind -- buffer overflows and information leak

Source: CCN
Type: Internet Software Consortium (ISC) Web site
BIND Vulnerabilities

Source: CCN
Type: Internet Security Systems Security Alert #72
Remote Vulnerabilities in BIND versions 4 and 8

Source: CCN
Type: US-CERT VU#325431
Queries to ISC BIND servers may disclose environment variables

Source: NAI
Type: UNKNOWN
20010129 Vulnerabilities in BIND 4 and 8

Source: CCN
Type: OSVDB ID: 1751
ISC BIND Environment Variable Information Disclosure

Source: REDHAT
Type: UNKNOWN
RHSA-2001:007

Source: BID
Type: UNKNOWN
2321

Source: CCN
Type: BID-2321
ISC BIND Internal Memory Disclosure Vulnerability

Source: CCN
Type: Slackware Security Advisory-1121
multiple vulnerabilities in bind 8.x

Source: CCN
Type: MandrakeSoft Security Advisory MDKSA-2001:017
bind update

Source: XF
Type: UNKNOWN
bind-inverse-query-disclosure(6018)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:isc:bind:4.9.3:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:4.9.5:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:4.9.5:p1:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:4.9.6:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:4.9.7:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:8.2:-:*:*:*:*:*:*
  • OR cpe:/a:isc:bind:8.2.1:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:8.2.2:-:*:*:*:*:*:*
  • OR cpe:/a:isc:bind:8.2.2:p1:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:8.2.2:p2:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:8.2.2:p3:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:8.2.2:p4:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:8.2.2:p5:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:8.2.2:p6:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:8.2.2:p7:*:*:-:*:*:*

    • Configuration CCN 1:
  • cpe:/a:isc:bind:8.2:-:*:*:*:*:*:*
  • OR cpe:/a:isc:bind:8.2.1:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:4.9.5:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:4.9.5:p1:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:4.9.6:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:4.9.7:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:8.1.2:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:8.2.2:-:*:*:*:*:*:*
  • OR cpe:/a:isc:bind:8.2.2:p1:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:8.2.2:p7:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:8.2.2:p5:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:8.2.2:p3:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:4.9.3:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:8.2.2:p6:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:8.2.2:p4:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:8.2.2:p2:*:*:-:*:*:*
  • AND
  • cpe:/o:freebsd:freebsd:*:*:*:*:*:*:*:*
  • OR cpe:/o:sun:sunos:5.5.1:*:*:*:*:*:*:*
  • OR cpe:/o:sun:sunos:5.6:*:*:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:*:*:*:*:*:*:*:*
  • OR cpe:/o:slackware:slackware_linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:5.2:*:*:*:*:*:*:*
  • OR cpe:/o:sun:sunos:5.8:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:6.2:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:2.2:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:-:*:*:*:*:*:*:*
  • OR cpe:/a:connectiva:linux:-:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7:*:*:*:*:*:*:*
  • OR cpe:/o:trustix:secure_linux:-:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:sun:sunos:4.1.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.3:*:*:*:*:*:*:*
  • OR cpe:/o:sun:sunos:5.7:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    isc bind 4.9.3
    isc bind 4.9.5
    isc bind 4.9.5 p1
    isc bind 4.9.6
    isc bind 4.9.7
    isc bind 8.2
    isc bind 8.2.1
    isc bind 8.2.2
    isc bind 8.2.2 p1
    isc bind 8.2.2 p2
    isc bind 8.2.2 p3
    isc bind 8.2.2 p4
    isc bind 8.2.2 p5
    isc bind 8.2.2 p6
    isc bind 8.2.2 p7
    isc bind 8.2
    isc bind 8.2.1
    isc bind 4.9.5
    isc bind 4.9.5 p1
    isc bind 4.9.6
    isc bind 4.9.7
    isc bind 8.1.2
    isc bind 8.2.2
    isc bind 8.2.2 p1
    isc bind 8.2.2 p7
    isc bind 8.2.2 p5
    isc bind 8.2.2 p3
    isc bind 4.9.3
    isc bind 8.2.2 p6
    isc bind 8.2.2 p4
    isc bind 8.2.2 p2
    freebsd freebsd *
    sun solaris 2.5.1
    sun solaris 2.6
    turbolinux turbolinux *
    slackware slackware linux *
    redhat linux 5.2
    sun solaris 8
    redhat linux 6.2
    debian debian linux 2.2
    mandrakesoft mandrake linux -
    connectiva linux -
    redhat linux 7
    trustix secure linux -
    redhat linux 7.1
    redhat linux 7.2
    sun solaris 1.0
    redhat linux 7.3
    sun solaris 7.0