Vulnerability Name: CVE-2002-1219 (CCN-10304) Assigned: 2002-11-12 Published: 2002-11-12 Updated: 2018-05-03 Summary: Buffer overflow in named in BIND 4 versions 4.9.10 and earlier, and 8 versions 8.3.3 and earlier, allows remote attackers to execute arbitrary code via a certain DNS server response containing SIG resource records (RR). CVSS v3 Severity: 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): LowIntegrity (I): LowAvailibility (A): Low
CVSS v2 Severity: 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAuthentication (Au): NoneImpact Metrics: Confidentiality (C): PartialIntegrity (I): PartialAvailibility (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAthentication (Au): NoneImpact Metrics: Confidentiality (C): PartialIntegrity (I): PartialAvailibility (A): Partial
Vulnerability Type: CWE-Other Vulnerability Consequences: Gain Access References: Source: CCNmultiple vulnerabilities in BIND [REVISED] 20021201-01-P named(8) multiple denial of service and remote execution of code Remote vulnerabilities in the BIND DNS server Potential BIND Security Vulnerabilities Multiple Remote Vulnerabilities in BIND4 and BIND8 20021112 Multiple Remote Vulnerabilities in BIND4 and BIND8 CVE-2002-1219 CLA-2002:546 2002-11-21 20021112 [Fwd: Notice of serious vulnerabilities in ISC BIND 4 & 8] 20021118 TSLSA-2002-0076 - bind [Fwd: Notice of serious vulnerabilities in ISC BIND 4 & 8] SSRT2408 20021115 [OpenPKG-SA-2002.011] OpenPKG Security Advisory (bind, bind8) Security vulnerabilities in BIND and libresolv (CERT CA-2002-31) http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F48818 Multiple Vulnerabilities in BIND CA-2002-31 ISC Remote Vulnerabilities in BIND4 and BIND8 N-013 DSA-196 bind -- several vulnerabilities Internet Software Consortium - BIND http://www.isc.org/products/BIND/bind-security.html Cached malformed SIG record buffer overflow VU#852283 MDKSA-2002:077 buffer overflow, DoS attacks Linux: multiple vulnerabilities in BIND (CERT CA-2002-31) OpenServer 5.0.7 OpenServer 5.0.6 OpenServer 5.0.5 : Multiple Remote Vulnerabilities in BIND "Multiple Vulnerabilities in ISC BIND versions 4 and 8" BIND ISC BIND named SIG Resource Server Response RR Overflow 6160 ISC BIND SIG Cached Resource Record Buffer Overflow Vulnerability Remote exploit bind-sig-rr-bo(10304) bind-sig-rr-bo(10304) oval:org.mitre.oval:def:2539 bind8: remote command execution Vulnerable Configuration: Configuration 1 :cpe:/a:isc:bind:4.9.5:*:*:*:-:*:*:* OR cpe:/a:isc:bind:4.9.6:*:*:*:-:*:*:* OR cpe:/a:isc:bind:4.9.7:*:*:*:-:*:*:* OR cpe:/a:isc:bind:4.9.8:*:*:*:-:*:*:* OR cpe:/a:isc:bind:4.9.9:*:*:*:-:*:*:* OR cpe:/a:isc:bind:4.9.10:*:*:*:-:*:*:* OR cpe:/a:isc:bind:8.2:-:*:*:*:*:*:* OR cpe:/a:isc:bind:8.2.1:*:*:*:-:*:*:* OR cpe:/a:isc:bind:8.2.2:-:*:*:*:*:*:* OR cpe:/a:isc:bind:8.2.3:*:*:*:-:*:*:* OR cpe:/a:isc:bind:8.2.4:*:*:*:-:*:*:* OR cpe:/a:isc:bind:8.2.5:*:*:*:-:*:*:* OR cpe:/a:isc:bind:8.2.6:*:*:*:-:*:*:* OR cpe:/a:isc:bind:8.3.0:*:*:*:-:*:*:* OR cpe:/a:isc:bind:8.3.1:*:*:*:-:*:*:* OR cpe:/a:isc:bind:8.3.2:*:*:*:-:*:*:* OR cpe:/a:isc:bind:8.3.3:*:*:*:-:*:*:* Configuration 2 :cpe:/o:freebsd:freebsd:4.4:-:*:*:*:*:*:* OR cpe:/o:freebsd:freebsd:4.5:-:*:*:*:*:*:* OR cpe:/o:freebsd:freebsd:4.6:-:*:*:*:*:*:* OR cpe:/o:freebsd:freebsd:4.7:-:*:*:*:*:*:* OR cpe:/o:openbsd:openbsd:3.0:*:*:*:*:*:*:* OR cpe:/o:openbsd:openbsd:3.1:*:*:*:*:*:*:* OR cpe:/o:openbsd:openbsd:3.2:*:*:*:*:*:*:* Configuration CCN 1 :cpe:/o:hp:hp-ux:10.20:*:*:*:*:*:*:* OR cpe:/a:isc:bind:8.2:-:*:*:*:*:*:* OR cpe:/a:isc:bind:8.2.1:*:*:*:-:*:*:* OR cpe:/a:isc:bind:4.9.5:*:*:*:-:*:*:* OR cpe:/a:isc:bind:4.9.6:*:*:*:-:*:*:* OR cpe:/a:isc:bind:4.9.7:*:*:*:-:*:*:* OR cpe:/a:isc:bind:8.2.2:-:*:*:*:*:*:* OR cpe:/a:isc:bind:8.3.3:*:*:*:-:*:*:* OR cpe:/a:isc:bind:8.3.2:*:*:*:-:*:*:* OR cpe:/a:isc:bind:8.3.1:*:*:*:-:*:*:* OR cpe:/a:isc:bind:8.3.0:*:*:*:-:*:*:* OR cpe:/a:isc:bind:8.2.6:*:*:*:-:*:*:* OR cpe:/a:isc:bind:8.2.5:*:*:*:-:*:*:* OR cpe:/a:isc:bind:8.2.4:*:*:*:-:*:*:* OR cpe:/a:isc:bind:8.2.3:*:*:*:-:*:*:* OR cpe:/a:isc:bind:4.9.8:*:*:*:-:*:*:* OR cpe:/a:isc:bind:4.9.9:*:*:*:-:*:*:* OR cpe:/a:isc:bind:4.9.10:*:*:*:-:*:*:* AND cpe:/o:freebsd:freebsd:*:*:*:*:*:*:*:* OR cpe:/o:sun:sunos:5.6:*:*:*:*:*:*:* OR cpe:/o:sun:solaris:8.0:beta:*:*:*:*:*:* OR cpe:/o:ibm:aix:4:*:*:*:*:*:*:* OR cpe:/o:hp:hp-ux:11:*:*:*:*:*:*:* OR cpe:/o:debian:debian_linux:2.2:*:*:*:*:*:*:* OR cpe:/o:trustix:secure_linux:1.1:*:*:*:*:*:*:* OR cpe:/o:redhat:linux:7:*:*:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux:7.2:*:*:*:*:*:*:* OR cpe:/o:netbsd:netbsd:1.5:*:*:*:*:*:*:* OR cpe:/o:suse:suse_linux:7.0:*:*:*:*:*:*:* OR cpe:/o:conectiva:linux:6.0:*:*:*:*:*:*:* OR cpe:/o:suse:suse_linux:7.1:*:*:*:*:*:*:* OR cpe:/o:redhat:linux:7.1:*:*:*:*:*:*:* OR cpe:/o:trustix:secure_linux:1.2:*:*:*:*:*:*:* OR cpe:/a:mandrakesoft:mandrake_single_network_firewall:7.2:*:*:*:*:*:*:* OR cpe:/o:suse:suse_linux:7.2:*:*:*:*:*:*:* OR cpe:/o:trustix:secure_linux:1.5:*:*:*:*:*:*:* OR cpe:/o:netbsd:netbsd:1.5.1:*:*:*:*:*:*:* OR cpe:/o:redhat:linux:7.2:*:*:*:*:*:*:* OR cpe:/o:suse:suse_linux:7.3:*:*:*:*:*:*:* OR cpe:/o:netbsd:netbsd:1.5.2:*:*:*:*:*:*:* OR cpe:/o:engardelinux:secure_linux:-:*:*:*:*:*:*:* OR cpe:/a:suse:suse_linux_database_server:*:*:*:*:*:*:*:* OR cpe:/a:suse:suse_email_server:iii:*:*:*:*:*:*:* OR cpe:/a:suse:suse_linux_connectivity_server:*:*:*:*:*:*:*:* OR cpe:/a:openpkg:openpkg:1.0:*:*:*:*:*:*:* OR cpe:/o:suse:suse_linux:8.0:*:*:*:*:*:*:* OR cpe:/o:redhat:linux:7.3:*:*:*:*:*:*:* OR cpe:/o:debian:debian_linux:3.0:*:*:*:*:*:*:* OR cpe:/o:engardelinux:secure_professional:-:*:*:*:*:*:*:* OR cpe:/a:suse:suse_linux_office_server:*:*:*:*:*:*:*:* OR cpe:/o:netbsd:netbsd:1.5.3:*:*:*:*:*:*:* OR cpe:/o:netbsd:netbsd:1.6:*:*:*:*:*:*:* OR cpe:/a:openpkg:openpkg:1.1:*:*:*:*:*:*:* OR cpe:/o:suse:suse_linux:8.1:*:*:*:*:*:*:* OR cpe:/o:netbsd:netbsd:current:*:*:*:*:*:*:* OR cpe:/o:sun:sunos:5.7:*:*:*:*:*:*:* Oval Definitions BACK
isc bind 4.9.5
isc bind 4.9.6
isc bind 4.9.7
isc bind 4.9.8
isc bind 4.9.9
isc bind 4.9.10
isc bind 8.2
isc bind 8.2.1
isc bind 8.2.2
isc bind 8.2.3
isc bind 8.2.4
isc bind 8.2.5
isc bind 8.2.6
isc bind 8.3.0
isc bind 8.3.1
isc bind 8.3.2
isc bind 8.3.3
freebsd freebsd 4.4
freebsd freebsd 4.5
freebsd freebsd 4.6
freebsd freebsd 4.7
openbsd openbsd 3.0
openbsd openbsd 3.1
openbsd openbsd 3.2
hp hp-ux 10.20
isc bind 8.2
isc bind 8.2.1
isc bind 4.9.5
isc bind 4.9.6
isc bind 4.9.7
isc bind 8.2.2
isc bind 8.3.3
isc bind 8.3.2
isc bind 8.3.1
isc bind 8.3.0
isc bind 8.2.6
isc bind 8.2.5
isc bind 8.2.4
isc bind 8.2.3
isc bind 4.9.8
isc bind 4.9.9
isc bind 4.9.10
freebsd freebsd *
sun solaris 2.6
sun solaris 8.0 beta
ibm aix 4
hp hp-ux 11
debian debian linux 2.2
trustix secure linux 1.1
redhat linux 7
mandrakesoft mandrake linux 7.2
netbsd netbsd 1.5
suse suse linux 7.0
conectiva linux 6.0
suse suse linux 7.1
redhat linux 7.1
trustix secure linux 1.2
mandrakesoft mandrake single network firewall 7.2
suse suse linux 7.2
trustix secure linux 1.5
netbsd netbsd 1.5.1
redhat linux 7.2
suse suse linux 7.3
netbsd netbsd 1.5.2
engardelinux secure linux -
suse suse linux database server *
suse suse email server iii
suse suse linux connectivity server *
openpkg openpkg 1.0
suse suse linux 8.0
redhat linux 7.3
debian debian linux 3.0
engardelinux secure professional -
suse suse linux office server *
netbsd netbsd 1.5.3
netbsd netbsd 1.6
openpkg openpkg 1.1
suse suse linux 8.1
netbsd netbsd current
sun solaris 7.0
Denotes that component is vulnerable