Executive Summary

Informations
Name CVE-2002-1219 First vendor Publication 2002-11-29
Vendor Cve Last vendor Modification 2018-05-03

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score 7.5 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Buffer overflow in named in BIND 4 versions 4.9.10 and earlier, and 8 versions 8.3.3 and earlier, allows remote attackers to execute arbitrary code via a certain DNS server response containing SIG resource records (RR).

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1219

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:2539
 
Oval ID: oval:org.mitre.oval:def:2539
Title: BIND SIG Resource Records Buffer Overflow
Description: Buffer overflow in named in BIND 4 versions 4.9.10 and earlier, and 8 versions 8.3.3 and earlier, allows remote attackers to execute arbitrary code via a certain DNS server response containing SIG resource records (RR).
Family: unix Class: vulnerability
Reference(s): CVE-2002-1219
Version: 1
Platform(s): Sun Solaris 7
Product(s): Bind
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 17
Os 4
Os 3

OpenVAS Exploits

Date Description
2009-05-05 Name : HP-UX Update for BIND HPSBUX00233
File : nvt/gb_hp_ux_HPSBUX00233.nasl
2008-01-17 Name : Debian Security Advisory DSA 196-1 (bind)
File : nvt/deb_196_1.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
869 ISC BIND named SIG Resource Server Response RR Overflow

This system appears to be running a version of BIND that is vulnerable to a remote buffer overflow in the code that creates response messages for SIG record requests. This vulnerability affects BIND versions 4.9.5 to 4.9.10, as well versions 8.1 to 8.3.3.

Nessus® Vulnerability Scanner

Date Description
2004-09-29 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-196.nasl - Type : ACT_GATHER_INFO
2004-07-25 Name : The remote host is missing a vendor-supplied security patch
File : suse_SA_2002_044.nasl - Type : ACT_GATHER_INFO
2002-11-12 Name : It is possible to use the remote name server to execute arbitrary code on the...
File : bind_sig_cached_rr_overflow.nasl - Type : ACT_GATHER_INFO
2002-03-08 Name : It is possible to use the remote name server to break into the remote host.
File : bind_dnsstorm.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
APPLE http://lists.apple.com/archives/Security-announce/2002/Nov/msg00000.html
BID http://www.securityfocus.com/bid/6160
BUGTRAQ http://marc.info/?l=bugtraq&m=103713117612842&w=2
http://marc.info/?l=bugtraq&m=103763574715133&w=2
http://online.securityfocus.com/archive/1/300019
CERT http://www.cert.org/advisories/CA-2002-31.html
CERT-VN http://www.kb.cert.org/vuls/id/852283
CIAC http://www.ciac.org/ciac/bulletins/n-013.shtml
COMPAQ http://online.securityfocus.com/advisories/4999
CONECTIVA http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000546
CONFIRM http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F48818
http://www.isc.org/products/BIND/bind-security.html
DEBIAN http://www.debian.org/security/2002/dsa-196
ISS http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21469
MANDRAKE http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-077.php
OVAL https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
SGI ftp://patches.sgi.com/support/free/security/advisories/20021201-01-P
XF https://exchange.xforce.ibmcloud.com/vulnerabilities/10304

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
Date Informations
2024-02-02 01:02:05
  • Multiple Updates
2024-02-01 12:01:22
  • Multiple Updates
2023-09-05 12:01:59
  • Multiple Updates
2023-09-05 01:01:14
  • Multiple Updates
2023-09-02 12:02:00
  • Multiple Updates
2023-09-02 01:01:14
  • Multiple Updates
2023-08-12 12:02:23
  • Multiple Updates
2023-08-12 01:01:14
  • Multiple Updates
2023-08-11 12:02:05
  • Multiple Updates
2023-08-11 01:01:15
  • Multiple Updates
2023-08-06 12:01:55
  • Multiple Updates
2023-08-06 01:01:15
  • Multiple Updates
2023-08-04 12:01:59
  • Multiple Updates
2023-08-04 01:01:15
  • Multiple Updates
2023-07-14 12:01:57
  • Multiple Updates
2023-07-14 01:01:15
  • Multiple Updates
2023-03-29 01:01:56
  • Multiple Updates
2023-03-28 12:01:20
  • Multiple Updates
2022-10-11 12:01:45
  • Multiple Updates
2022-10-11 01:01:08
  • Multiple Updates
2021-05-04 12:01:46
  • Multiple Updates
2021-04-22 01:01:54
  • Multiple Updates
2020-12-10 12:01:16
  • Multiple Updates
2020-05-23 00:15:06
  • Multiple Updates
2019-03-19 12:01:32
  • Multiple Updates
2018-05-03 09:19:25
  • Multiple Updates
2016-10-18 12:01:04
  • Multiple Updates
2016-04-26 12:16:41
  • Multiple Updates
2014-02-17 10:25:10
  • Multiple Updates
2013-05-11 12:12:07
  • Multiple Updates