CVE-2002-0029
Summary
| CVE | CVE-2002-0029 |
|---|---|
| State | PUBLISHED |
| Assigner | mitre |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2002-11-29 05:00:00 UTC |
| Updated | 2025-04-03 01:03:51 UTC |
| Description | Buffer overflows in the DNS stub resolver library in ISC BIND 4.9.2 through 4.9.10, and other derived libraries such as BSD libc and GNU glibc, allow remote attackers to execute arbitrary code via DNS server responses that trigger the overflow in the (1) getnetbyname, or (2) getnetbyaddr functions, aka "LIBRESOLV: buffer overrun" and a different vulnerability than CVE-2002-0684. |
Risk And Classification
Primary CVSS: v2.0 7.5 from [email protected]
AV:N/AC:L/Au:N/C:P/I:P/A:P
Problem Types: NVD-CWE-Other | n/a
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
LowAuthentication
NoneConfidentiality
PartialIntegrity
PartialAvailability
PartialAV:N/AC:L/Au:N/C:P/I:P/A:P
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Astaro | Security Linux | 2.0.23 | All | All | All |
| Operating System | Astaro | Security Linux | 2.0.24 | All | All | All |
| Operating System | Astaro | Security Linux | 2.0.25 | All | All | All |
| Operating System | Astaro | Security Linux | 2.0.26 | All | All | All |
| Operating System | Astaro | Security Linux | 2.0.27 | All | All | All |
| Operating System | Astaro | Security Linux | 2.0.30 | All | All | All |
| Operating System | Astaro | Security Linux | 3.2.0 | All | All | All |
| Operating System | Astaro | Security Linux | 3.2.10 | All | All | All |
| Operating System | Astaro | Security Linux | 3.2.11 | All | All | All |
| Application | Isc | Bind | 4.9.10 | All | All | All |
| Application | Isc | Bind | 4.9.2 | All | All | All |
| Application | Isc | Bind | 4.9.3 | All | All | All |
| Application | Isc | Bind | 4.9.4 | All | All | All |
| Application | Isc | Bind | 4.9.5 | All | All | All |
| Application | Isc | Bind | 4.9.6 | All | All | All |
| Application | Isc | Bind | 4.9.7 | All | All | All |
| Application | Isc | Bind | 4.9.8 | All | All | All |
| Application | Isc | Bind | 4.9.9 | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| CERT Advisory CA-2002-31 Multiple Vulnerabilities in BIND | af854a3a-2127-422b-91ae-364da2661108 | www.cert.org | Patch, Third Party Advisory, US Government Resource |
| ISS X-Force Database: bind-dns-libresolv-bo (10624): ISC BIND DNS stub resolver library (libresolv.a) stack buffer overflows | af854a3a-2127-422b-91ae-364da2661108 | www.iss.net | Vendor Advisory |
| CERT/CC Vulnerability Note VU#844360 | af854a3a-2127-422b-91ae-364da2661108 | www.kb.cert.org | US Government Resource |
| Internet Software Consortium: BIND Vulnerabilities | af854a3a-2127-422b-91ae-364da2661108 | www.isc.org | Patch, Vendor Advisory |
| ISC BIND DNS Resolver Buffer Overflow Vulnerability | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | |
| Security Update 2002-11-21 is available | af854a3a-2127-422b-91ae-364da2661108 | lists.apple.com | |
| ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-028.txt.asc | af854a3a-2127-422b-91ae-364da2661108 | ftp.netbsd.org | |
| patches.sgi.com/support/free/security/advisories/20021201-01-P | af854a3a-2127-422b-91ae-364da2661108 | patches.sgi.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.