| Vulnerability Name: | CVE-2002-0400 (CCN-9250) | ||||||||
| Assigned: | 2002-06-04 | ||||||||
| Published: | 2002-06-04 | ||||||||
| Updated: | 2008-09-10 | ||||||||
| Summary: | ISC BIND 9 before 9.2.1 allows remote attackers to cause a denial of service (shutdown) via a malformed DNS packet that triggers an error condition that is not properly handled when the rdataset parameter to the dns_message_findtype() function in message.c is not NULL, aka DoS_findtype. | ||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
| ||||||||
| CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Denial of Service | ||||||||
| References: | Source: CALDERA Type: UNKNOWN CSSA-2002-SCO.24 Source: CCN Type: Caldera International, Inc. Security Advisory CSSA-2002-SCO.24.1 REVISED: Open UNIX 8.0.0 : BIND 9 Denial-of-Service vulnerability Source: CCN Type: Caldera International, Inc. Security Advisory CSSA-2002-SCO.24 Open UNIX 8.0.0 : BIND 9 Denial-of-Service vulnerability Source: HP Type: UNKNOWN HPSBUX0207-202 Source: MITRE Type: CNA CVE-2002-0400 Source: CONECTIVA Type: UNKNOWN CLA-2002:494 Source: CCN Type: Conectiva Linux Announcement CLSA-2002:494 bind Source: MANDRAKE Type: UNKNOWN MDKSA-2002:038 Source: CCN Type: National Infrastructure Protection Center Advisory 02-004 ISC BIND 9 DoS Vulnerability Source: CCN Type: RHSA-2002-105 Updated bind packages fix denial of service attack Source: CCN Type: RHSA-2002-119 bind security update Source: CCN Type: RHSA-2003-154 Updated bind packages fix buffer overflow in resolver library Source: CCN Type: CERT Advisory CA-2002-15 Denial-of-Service Vulnerability in ISC BIND 9 Source: CERT Type: Patch, Third Party Advisory, US Government Resource CA-2002-15 Source: CONFIRM Type: UNKNOWN http://www.isc.org/index.pl?/sw/bind/bind-security.php Source: CCN Type: ICS Web site Internet Software Consortium - BIND 9.2.1 Source: XF Type: Vendor Advisory bind-findtype-dos(9250) Source: CCN Type: Internet Security Systems Security Alert #119 Remote Denial of Service Vulnerability in ISC BIND Source: CCN Type: US-CERT VU#739123 ISC BIND 9 fails to process additional data chains in responses correctly thereby causing the server to fail an internal consistency check Source: CERT-VN Type: Patch, Third Party Advisory, US Government Resource VU#739123 Source: SUSE Type: UNKNOWN SuSE-SA:2002:021 Source: REDHAT Type: UNKNOWN RHSA-2002:105 Source: REDHAT Type: UNKNOWN RHSA-2002:119 Source: REDHAT Type: UNKNOWN RHSA-2003:154 Source: BID Type: UNKNOWN 4936 Source: CCN Type: BID-4936 ISC BIND 9 Remote Denial Of Service Vulnerability Source: XF Type: UNKNOWN bind-findtype-dos(9250) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||