CVE-2002-0029

Sažetak

Buffer overflows in the DNS stub resolver library in ISC BIND 4.9.2 through 4.9.10, and other derived libraries such as BSD libc and GNU glibc, allow remote attackers to execute arbitrary code via DNS server responses that trigger the overflow in the (1) getnetbyname, or (2) getnetbyaddr functions, aka "LIBRESOLV: buffer overrun" and a different vulnerability than CVE-2002-0684.

Reference

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-028.txt.asc
ftp://patches.sgi.com/support/free/security/advisories/20021201-01-P
http://lists.apple.com/archives/Security-announce/2002/Nov/msg00000.html
http://www.cert.org/advisories/CA-2002-31.html
http://www.isc.org/products/BIND/bind-security.html
http://www.iss.net/security_center/static/10624.php
http://www.kb.cert.org/vuls/id/844360
http://www.securityfocus.com/bid/6186

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

10-09-2008 - 19:11

Objavljeno

29-11-2002 - 05:00