Executive Summary

Information
Name: CVE-2002-1219
First vendor Publication: 2002-11-29
Vendor: Cve
Last vendor Modification: 2018-05-02

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score: 7.5
Attack Range: Network
Cvss Impact Score: 6.4
Attack Complexity: Low
Cvss Exploit Score: 10
Authentication: None Required

Security Protection

Impacts: Provides unauthorized access: Allows partial confidentiality, integrity, and availability violation; Allows unauthorized disclosure of information; Allows disruption of service.

Detail

Buffer overflow in named in BIND 4 versions 4.9.10 and earlier, and 8 versions 8.3.3 and earlier, allows remote attackers to execute arbitrary code via a certain DNS server response containing SIG resource records (RR).

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1219

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:2539
 
Oval ID: oval:org.mitre.oval:def:2539
Title: BIND SIG Resource Records Buffer Overflow
Description: Buffer overflow in named in BIND 4 versions 4.9.10 and earlier, and 8 versions 8.3.3 and earlier, allows remote attackers to execute arbitrary code via a certain DNS server response containing SIG resource records (RR).
Family: unix Class: vulnerability
Reference(s): CVE-2002-1219
Version: 1
Platform(s): Sun Solaris 7
Product(s): Bind
Definition Synopsis:

CPE : Common Platform Enumeration

Type         Description  Count
Application               17
Os                        4
Os                        3

OpenVAS Exploits

Date        Description
2009-05-05  Name : HP-UX Update for BIND HPSBUX00233
            File : nvt/gb_hp_ux_HPSBUX00233.nasl
2008-01-17  Name : Debian Security Advisory DSA 196-1 (bind)
            File : nvt/deb_196_1.nasl

Open Source Vulnerability Database (OSVDB)

id   Description
869  ISC BIND named SIG Resource Server Response RR Overflow

Nessus® Vulnerability Scanner

Date        Description
2004-09-29  Name : The remote Debian host is missing a security-related update.
            File : debian_DSA-196.nasl - Type : ACT_GATHER_INFO
2004-07-25  Name : The remote host is missing a vendor-supplied security patch
            File : suse_SA_2002_044.nasl - Type : ACT_GATHER_INFO
2002-11-12  Name : It is possible to use the remote name server to execute arbitrary code on the...
            File : bind_sig_cached_rr_overflow.nasl - Type : ACT_GATHER_INFO
2002-03-08  Name : It is possible to use the remote name server to break into the remote host.
            File : bind_dnsstorm.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source     Url
APPLE      http://lists.apple.com/archives/Security-announce/2002/Nov/msg00000.html
BID        http://www.securityfocus.com/bid/6160
BUGTRAQ    http://marc.info/?l=bugtraq&m=103713117612842&w=2
           http://marc.info/?l=bugtraq&m=103763574715133&w=2
           http://online.securityfocus.com/archive/1/300019
CERT       http://www.cert.org/advisories/CA-2002-31.html
CERT-VN    http://www.kb.cert.org/vuls/id/852283
CIAC       http://www.ciac.org/ciac/bulletins/n-013.shtml
COMPAQ     http://online.securityfocus.com/advisories/4999
CONECTIVA  http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000546
CONFIRM    http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F48818
           http://www.isc.org/products/BIND/bind-security.html
DEBIAN     http://www.debian.org/security/2002/dsa-196
ISS        http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21469
MANDRAKE   http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-077.php
SGI        ftp://patches.sgi.com/support/free/security/advisories/20021201-01-P
XF         https://exchange.xforce.ibmcloud.com/vulnerabilities/10304

Alert History

Date  Information
2019-03-19 12:01:32
  • Multiple Updates
2018-05-03 09:19:25
  • Multiple Updates
2016-10-18 12:01:04
  • Multiple Updates
2016-04-26 12:16:41
  • Multiple Updates
2014-02-17 10:25:10
  • Multiple Updates
2013-05-11 12:12:07
  • Multiple Updates