CVE-2002-0029
Summary
| CVE | CVE-2002-0029 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2002-11-29 05:00:00 UTC |
| Updated | 2008-09-10 19:11:00 UTC |
| Description | Buffer overflows in the DNS stub resolver library in ISC BIND 4.9.2 through 4.9.10, and other derived libraries such as BSD libc and GNU glibc, allow remote attackers to execute arbitrary code via DNS server responses that trigger the overflow in the (1) getnetbyname, or (2) getnetbyaddr functions, aka "LIBRESOLV: buffer overrun" and a different vulnerability than CVE-2002-0684. |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Astaro | Security Linux | 2.0.23 | All | All | All |
| Operating System | Astaro | Security Linux | 2.0.24 | All | All | All |
| Operating System | Astaro | Security Linux | 2.0.25 | All | All | All |
| Operating System | Astaro | Security Linux | 2.0.26 | All | All | All |
| Operating System | Astaro | Security Linux | 2.0.27 | All | All | All |
| Operating System | Astaro | Security Linux | 2.0.30 | All | All | All |
| Operating System | Astaro | Security Linux | 3.2.0 | All | All | All |
| Operating System | Astaro | Security Linux | 3.2.10 | All | All | All |
| Operating System | Astaro | Security Linux | 3.2.11 | All | All | All |
| Operating System | Astaro | Security Linux | 2.0.23 | All | All | All |
| Operating System | Astaro | Security Linux | 2.0.24 | All | All | All |
| Operating System | Astaro | Security Linux | 2.0.25 | All | All | All |
| Operating System | Astaro | Security Linux | 2.0.26 | All | All | All |
| Operating System | Astaro | Security Linux | 2.0.27 | All | All | All |
| Operating System | Astaro | Security Linux | 2.0.30 | All | All | All |
| Operating System | Astaro | Security Linux | 3.2.0 | All | All | All |
| Operating System | Astaro | Security Linux | 3.2.10 | All | All | All |
| Operating System | Astaro | Security Linux | 3.2.11 | All | All | All |
| Application | Isc | Bind | 4.9.10 | All | All | All |
| Application | Isc | Bind | 4.9.2 | All | All | All |
| Application | Isc | Bind | 4.9.3 | All | All | All |
| Application | Isc | Bind | 4.9.4 | All | All | All |
| Application | Isc | Bind | 4.9.5 | All | All | All |
| Application | Isc | Bind | 4.9.6 | All | All | All |
| Application | Isc | Bind | 4.9.7 | All | All | All |
| Application | Isc | Bind | 4.9.8 | All | All | All |
| Application | Isc | Bind | 4.9.9 | All | All | All |
| Application | Isc | Bind | 4.9.10 | All | All | All |
| Application | Isc | Bind | 4.9.2 | All | All | All |
| Application | Isc | Bind | 4.9.3 | All | All | All |
| Application | Isc | Bind | 4.9.4 | All | All | All |
| Application | Isc | Bind | 4.9.5 | All | All | All |
| Application | Isc | Bind | 4.9.6 | All | All | All |
| Application | Isc | Bind | 4.9.7 | All | All | All |
| Application | Isc | Bind | 4.9.8 | All | All | All |
| Application | Isc | Bind | 4.9.9 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| 20021201-01-P | SGI | patches.sgi.com | |
| CERT Advisory CA-2002-31 Multiple Vulnerabilities in BIND | CERT | www.cert.org | Patch, Third Party Advisory, US Government Resource |
| ISS X-Force Database: bind-dns-libresolv-bo (10624): ISC BIND DNS stub resolver library (libresolv.a) stack buffer overflows | XF | www.iss.net | Vendor Advisory |
| Internet Software Consortium: BIND Vulnerabilities | CONFIRM | www.isc.org | Patch, Vendor Advisory |
| ISC BIND DNS Resolver Buffer Overflow Vulnerability | BID | www.securityfocus.com | |
| Security Update 2002-11-21 is available | APPLE | lists.apple.com | |
| NetBSD-SA2002-028 | NETBSD | ftp.netbsd.org | |
| CERT/CC Vulnerability Note VU#844360 | CERT-VN | www.kb.cert.org | US Government Resource |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.