CERT VU:229595

Nov 13, 2002

Overly large OPT record assertion

Source: www.kb.cert.org

CVSS2: 5 Medium (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Attack Vector: NETWORK

Attack Complexity: LOW

Authentication: NONE

Confidentiality Impact: NONE

Integrity Impact: NONE

Availability Impact: PARTIAL

EPSS: 0.152 Low (Percentile 95.9%)

Overview

A remotely exploitable denial-of-service vulnerability exists in BIND. Based on recent reports, we believe this vulnerability is being actively exploited.

Description

A remotely exploitable denial-of-service vulnerability exists in BIND 8.3.0 - 8.3.3. ISC’s description of this vulnerability states:

When constucting [sic] a response a NXDOMAIN response to a ENDS query with a large UDP size it is possible to trigger an assertion.
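
The "UDP size" in ISC's description is the requester payload size that an EDNS query advertises in the CLASS field of its OPT pseudo-record (RR type 41). The following added example (not code from CERT/CC or ISC) parses a DNS message and reports that value, for instance when reviewing captured queries; the function names, the constructed sample queries and the 512-byte threshold are assumptions, since the advisory does not say what size counts as large.

```python
import struct

OPT_TYPE = 41        # RR type of the EDNS OPT pseudo-record
CLASSIC_LIMIT = 512  # pre-EDNS limit for DNS messages over UDP (RFC 1035)


class DNSParseError(ValueError):
    """Raised when a message is too short or malformed to walk."""


def skip_name(msg, off):
    """Return the offset just past the domain name that starts at off."""
    while True:
        if off >= len(msg):
            raise DNSParseError("name runs past end of message")
        length = msg[off]
        if length == 0:                 # root label terminates the name
            return off + 1
        if length & 0xC0 == 0xC0:       # compression pointer, always last
            if off + 2 > len(msg):
                raise DNSParseError("truncated compression pointer")
            return off + 2
        if length & 0xC0:
            raise DNSParseError("unsupported label type")
        off += 1 + length


def edns_udp_size(msg):
    """Advertised EDNS UDP payload size, or None if there is no OPT record."""
    if len(msg) < 12:
        raise DNSParseError("message shorter than DNS header")
    _id, _flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):                 # question: name, QTYPE, QCLASS
        off = skip_name(msg, off) + 4
        if off > len(msg):
            raise DNSParseError("truncated question")
    for _ in range(an + ns + ar):       # RR: name, type, class, ttl, rdlength
        off = skip_name(msg, off)
        if off + 10 > len(msg):
            raise DNSParseError("truncated record header")
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == OPT_TYPE:
            return rclass               # OPT reuses CLASS for the UDP size
        off += 10 + rdlen
        if off > len(msg):
            raise DNSParseError("truncated record data")
    return None


def advertises_large_udp(msg, threshold=CLASSIC_LIMIT):
    """True if an OPT record advertises more than threshold bytes.

    The threshold is an assumption: the advisory gives no number.
    """
    size = edns_udp_size(msg)
    return size is not None and size > threshold


def sample_query(name, udp_size=None):
    """Constructed test input: an A query, with an OPT record if udp_size is set."""
    has_opt = udp_size is not None
    header = struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 1 if has_opt else 0)
    labels = name.strip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    question = qname + struct.pack("!HH", 1, 1)      # QTYPE=A, QCLASS=IN
    opt = b""
    if has_opt:
        # Root owner name, TYPE=OPT, CLASS=UDP size, TTL=0, RDLENGTH=0
        opt = b"\x00" + struct.pack("!HHIH", OPT_TYPE, udp_size, 0, 0)
    return header + question + opt


if __name__ == "__main__":
    samples = [
        ("no EDNS", sample_query("host.example")),
        ("EDNS 512", sample_query("host.example", 512)),
        ("EDNS 4096", sample_query("host.example", 4096)),
    ]
    for label, msg in samples:
        print(label, edns_udp_size(msg), advertises_large_udp(msg))
```
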


Impact

The BIND daemon will shut down. As a result, clients will not be able to connect to the service to resolve queries.


Solution

Apply a patch from your vendor. In the absence of a patch, you may wish to consider ISC’s recommendation, which is upgrading to “BIND 4.9.11, BIND 8.2.7, BIND 8.3.4 or preferably BIND 9.” Additionally, ISC indicates, “BIND 4 is officially deprecated. Only security fixes will be issued for BIND 4.”


Disable recursion if possible.


Vendor Information


Apple Computer Inc. Affected

Notified: November 12, 2002 Updated: February 26, 2003

Status

Affected

Vendor Statement

Affected Systems: Mac OS X and Mac OS X Server with BIND versions 8.1, 8.2 to 8.2.6, and 8.3.0 to 8.3.3

Mitigating Factors: BIND is not enabled by default on Mac OS X or Mac OS X Server

This is addressed in Security Update 2002-11-21
<http://www.apple.com/support/security/security_updates.html>

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23229595 Feedback>).

Hewlett-Packard Company Affected

Notified: November 12, 2002 Updated: February 24, 2003

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

See <http://ftp.support.compaq.com/patches/public/unix/v4.0g/t64v40gb17-c0028000-16638-es-20030129.README>.


IBM Affected

Notified: November 12, 2002 Updated: December 09, 2002

Status

Affected

Vendor Statement

The AIX operating system is vulnerable to the named and DNS resolver issues in releases 4.3.3, 5.1.0 and 5.2.0. Temporary patches will be available through an efix package by 11/22/2002 or before. The efix will be available at the following URL:

ftp://ftp.software.ibm.com/aix/efixes/security/dns_named_efix.tar.Z

In the interim, customers may want to implement the workarounds given in the Solutions section to limit their exposure.

The following APARs will be available in the near future:

AIX 4.3.3 APAR IY37088 (available approx 11/27/2002)
AIX 5.1.0 APAR IY37019 (available approx 12/18/2002)
AIX 5.2.0 APAR TBA (available approx TBA)

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.


Red Hat Inc. Affected

Notified: November 12, 2002 Updated: November 12, 2002

Status

Affected

Vendor Statement

Older releases (6.2, 7.0) of Red Hat Linux shipped with versions of BIND which may be vulnerable to these issues; however, a Red Hat security advisory in July 2002 upgraded all our supported distributions to BIND 9.2.1, which is not vulnerable to these issues.

All users who have BIND installed should ensure that they are running these updated versions of BIND.

<http://rhn.redhat.com/errata/RHSA-2002-133.html> Red Hat Linux
<http://rhn.redhat.com/errata/RHSA-2002-119.html> Advanced Server 2.1

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.


The OpenPKG Project Affected

Updated: November 19, 2002

Status

Affected

Vendor Statement

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

________________________________________________________________________
`OpenPKG Security Advisory The OpenPKG Project
<http://www.openpkg.org/security.html> <http://www.openpkg.org>
[email protected] [email protected]
OpenPKG-SA-2002.011 15-Nov-2002


Package: bind, bind8
Vulnerability: denial of service, arbitrary code execution
OpenPKG Specific: no
Dependent Packages: none
Affected Releases:   Affected Packages:        Corrected Packages:
OpenPKG 1.0          <= bind-8.2.6-1.0.1       >= bind-8.2.6-1.0.2
OpenPKG 1.1          <= bind8-8.3.3-1.1.0      >= bind8-8.3.3-1.1.1
OpenPKG CURRENT      <= bind8-8.3.3-2002082    >= bind8-8.3.3-20021114
Description:
The Internet Software Consortium (ISC) [1] has discovered or has been
notified of several bugs which can result in vulnerabilities of varying
levels of severity in BIND [2][3]. These problems include buffer overflows,
stack revealing, divide by zero, null pointer dereferencing, and more [4].
A subset of these vulnerabilities exist in the BIND packages distributed by
OpenPKG.
Please check whether you are affected by running “<prefix>/bin/rpm -qa |
grep bind”. If you have an affected version of the “bind” or “bind8” package
(see above), upgrade it according to the solution below.
Workaround:
Because disabling recursion or disabling DNSSEC is a workaround to only a
subset of the aforementioned problems, it is not a recommended approach.
Solution:
Since these vulnerabilities do not exist in BIND version 9.2.1, one solution
simply involves upgrading to it. The packages bind-9.2.1-1.1.0 in OpenPKG
1.1 [5], and bind-9.2.1-20021111 in OpenPKG CURRENT [6] are both candidates
in this respect. Be warned that although such later versions of BIND are
stable, there exist large differences between BIND 8 and BIND 9 software.
A lighter approach involves updating existing packages to newly patched
versions of BIND 8. Select the updated source RPM appropriate
for your OpenPKG release [7][8][9], and fetch it from the OpenPKG FTP service
or a mirror location. Verify its integrity [10], build a corresponding
binary RPM from it and update your OpenPKG installation by applying the
binary RPM [11]. For the latest OpenPKG 1.1 release, perform the following
operations to permanently fix the security problem (for other releases
adjust accordingly).
    $ ftp ftp.openpkg.org
    ftp> bin
    ftp> cd release/1.1/UPD
    ftp> get bind8-8.3.3-1.1.1.src.rpm
    ftp> bye
    $ <prefix>/bin/rpm -v --checksig bind8-8.3.3-1.1.1.src.rpm
    $ <prefix>/bin/rpm --rebuild bind8-8.3.3-1.1.1.src.rpm
    $ su -
    # <prefix>/bin/rpm -Fvh <prefix>/RPM/PKG/bind8-8.3.3-1.1.1.*.rpm
    # <prefix>/etc/rc bind8 stop start

References:
[1] <http://www.isc.org/>
[2] <http://www.isc.org/products/BIND/>
[3] <http://www.cert.org/advisories/CA-2002-31.html>
[4] <http://www.isc.org/products/BIND/bind-security.html>
[5] <ftp://ftp.openpkg.org/release/1.1/SRC/bind-9.2.1-1.1.0.src.rpm>
[6] <ftp://ftp.openpkg.org/current/SRC/bind-9.2.1-20021111.src.rpm>
[7] <ftp://ftp.openpkg.org/release/1.0/UPD/bind-8.2.6-1.0.2.src.rpm>
[8] <ftp://ftp.openpkg.org/release/1.1/UPD/bind8-8.3.3-1.1.1.src.rpm>
[9] <ftp://ftp.openpkg.org/current/SRC/bind8-8.3.3-20021114.src.rpm>
[10] <http://www.openpkg.org/security.html#signature>
[11] <http://www.openpkg.org/tutorial.html#regular-source>


For security reasons, this advisory was digitally signed with
the OpenPGP public key “OpenPKG <[email protected]>” (ID 63C4CB9F)
of the OpenPKG project which you can find under the official URL
<http://www.openpkg.org/openpkg.pgp> or on <http://keyserver.pgp.com/>. To
check the integrity of this advisory, verify its digital signature by
using GnuPG (<http://www.gnupg.org/>). For example, pipe this message to
the command “gpg --verify --keyserver keyserver.pgp.com”.


-----BEGIN PGP SIGNATURE-----
Comment: OpenPKG <[email protected]>
iEYEARECAAYFAj3VOcwACgkQgHWT4GPEy5/vEACgmA+lr37ybByyTT7Q9ZBgzJAU
rvMAoOZMy6lDJryPLPg1NV+Wn21wE1qA
=gSdl
-----END PGP SIGNATURE-----`

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.


Trustix Affected

Updated: November 18, 2002

Status

Affected

Vendor Statement

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

- --------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2002-0076

Package name: bind
Summary: Remote exploit
Date: 2002-11-15
Affected versions: TSL 1.1, 1.2, 1.5

- --------------------------------------------------------------------------
Package description: BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses, and a resolver library (routines for applications to use when interfacing with DNS).

Problem description: ISS X-Force has found a number of problems in all BIND 8 series up to and including 8.2.6 and 8.3.3. Two of these can cause BIND to crash causing a denial of service attack, whereas the last can be used to execute arbitrary code on the victim.

Action: We recommend that all systems with this package installed be upgraded. Please note that if you do not need the functionality provided by this package, you may want to remove it from your system.

Location: All TSL updates are available from <URI:http://www.trustix.net/pub/Trustix/updates/> <URI:ftp://ftp.trustix.net/pub/Trustix/updates/>

About Trustix Secure Linux: Trustix Secure Linux is a small Linux distribution for servers. With focus on security and stability, the system is painlessly kept safe and up to date from day one using swup, the automated software updater.

Automatic updates: Users of the SWUP tool can enjoy having updates automatically installed using 'swup --upgrade'.
Get SWUP from: <URI:ftp://ftp.trustix.net/pub/Trustix/software/swup/>

Public testing: These packages have been available for public testing for some time. If you want to contribute by testing the various packages in the testing tree, please feel free to share your findings on the tsl-discuss mailing list. The testing tree is located at <URI:http://www.trustix.net/pub/Trustix/testing/> <URI:ftp://ftp.trustix.net/pub/Trustix/testing/>

Questions? Check out our mailing lists: <URI:http://www.trustix.net/support/>

Verification: This advisory along with all TSL packages are signed with the TSL sign key. This key is available from: <URI:http://www.trustix.net/TSL-GPG-KEY>
The advisory itself is available from the errata pages at <URI:http://www.trustix.net/errata/trustix-1.2/> and <URI:http://www.trustix.net/errata/trustix-1.5/> or directly at <URI:http://www.trustix.net/errata/misc/2002/TSL-2002-0076-bind.asc.txt>

MD5sums of the packages:

Trustix Security Team
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see <http://www.gnupg.org>
iD8DBQE92NuHwRTcg4BxxS0RAraRAJ0Q+GDhIUUv0gbgv91q1ZmnFqkTHACfaRST KUB6bSTouOiksfknm0Mc/6I= =brw5 -----END PGP SIGNATURE-----

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.


MontaVista Software Not Affected

Notified: November 12, 2002 Updated: November 12, 2002

Status

Not Affected

Vendor Statement

MontaVista ships BIND 9, thus is not vulnerable to these advisories.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.


Nominum Not Affected

Updated: November 13, 2002

Status

Not Affected

Vendor Statement

Nominum “Foundation” Authoritative Name Server (ANS) is not affected by this vulnerability. Also, Nominum “Foundation” Caching Name Server (CNS) is not affected by this vulnerability. Nominum’s commercial DNS server products, which are part of Nominum “Foundation” IP Address Suite, are not based on BIND and do not contain any BIND code, and so are not affected by vulnerabilities discovered in any version of BIND.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.


Xerox Corporation Not Affected

Notified: November 12, 2002 Updated: May 30, 2003

Status

Not Affected

Vendor Statement

A response to this advisory is available from our web site: <http://www.xerox.com/security>

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.


3Com Unknown

Notified: November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.


AT&T Unknown

Notified: November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.


Adns Unknown

Notified: November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.


Aks Unknown

Notified: November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.


Alcatel Unknown

Notified: November 12, 2002 Updated: February 25, 2003

Status

Unknown

Vendor Statement

Following CERT advisory CA-2002-31 on security vulnerabilities in the ISC BIND implementation, Alcatel has conducted an immediate assessment to determine any impact this may have on our portfolio. A first analysis has shown that the following products (OmniSwitch 6600, 7700, 8800) may be impacted. Customers may wish to contact their support for more details. The security of our customers’ networks is of highest priority for Alcatel. Therefore we continue to test our product portfolio against potential ISC BIND security vulnerabilities and will provide updates if necessary.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.


Apache Software Foundation Unknown

Notified: November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.


Avaya Unknown

Notified: November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.


BSDi Unknown

Notified: November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.


BlueCat Networks Unknown

Notified: November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.


Check Point Unknown

Notified: November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.


Cisco Systems Inc. Unknown

Notified: November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.


Cistron Unknown

Notified: November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.


Command Software Unknown

Notified: November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.


Compaq Computer Corporation Unknown

Notified: November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.


Computer Associates Unknown

Notified: November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.


Conectiva Unknown

Notified: November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.


Covalent Unknown

Notified: November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.


Cray Inc. Unknown

Notified: November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.


CyberSoft Unknown

Notified: November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.


D-Link Systems Unknown

Notified: November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.


Data Fellows Unknown

Notified: November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.


Data General Unknown

Notified: November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.



Debian Unknown

Notified: November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.


Djbdns Unknown

Notified: November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.


Engarde Unknown

Notified: November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.


F-Secure Unknown

Notified: November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.


F5 Networks Unknown

Notified: November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.


Finjan Software Unknown

Notified: November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.


FreeBSD Unknown

Notified: November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.


FreeRADIUS Unknown

Notified: November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.


Fujitsu Unknown

Notified: November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Funk Software Unknown

Notified: November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

GFI Software Unknown

Notified: November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

GNU glibc Unknown

Notified: November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Heimdal Kerberos Project Unknown

Notified: November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

InfoBlox Unknown

Notified: November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Intel Unknown

Notified: November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

InterSoft International Inc. Unknown

Notified: November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Interlink Networks Unknown

Notified: November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Juniper Networks Unknown

Notified: November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

KTH Kerberos Unknown

Notified: November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Lachman Unknown

Notified: November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Lotus Software Unknown

Notified: November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Lucent Technologies Unknown

Notified: November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

MIT Kerberos Development Team Unknown

Notified: November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Macromedia Inc. Unknown

Notified: November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Madgoat Unknown

Notified: November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

MandrakeSoft Unknown

Notified: November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Men&Mice Unknown

Notified: November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

MetaSolv Software Inc. Unknown

Notified: November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Microsoft Corporation Unknown

Notified: November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Multinet Unknown

Notified: November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

NCFTP Software Unknown

Notified: November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

NCSA Unknown

Notified: November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

NEC Corporation Unknown

Notified: November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

NET-SNMP Unknown

Notified: November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

NeXT Unknown

Notified: November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

NetBSD Unknown

Notified: November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Network Appliance Unknown

Notified: November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Nixu Unknown

Notified: November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Nokia Unknown

Notified: November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Nortel Networks Unknown

Notified: November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Open Group Unknown

Notified: November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

OpenBSD Unknown

Notified: November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

OpenSSH Unknown

Notified: November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Openwall GNU/*/Linux Unknown

Notified: November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Oracle Corporation Unknown

Notified: November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Putty Unknown

Notified: November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

RADIUSClient Unknown

Notified: November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

RSA Security Unknown

Notified: November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Riverstone Networks Unknown

Notified: November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

SGI Unknown

Notified: November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Sendmail Unknown

Notified: November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Sequent Unknown

Notified: November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

ShadowSupport Unknown

Notified: November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Sony Corporation Unknown

Notified: November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Sophos Unknown

Notified: November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

SuSE Inc. Unknown

Notified: November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Sun Microsystems Inc. Unknown

Notified: November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Symantec Corporation Unknown

Notified: November 12, 2002 Updated: April 01, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

The SCO Group (SCO Linux) Unknown

Notified: November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Threshold Networks Unknown

Notified: November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Trend Micro Unknown

Notified: November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Unisys Unknown

Notified: November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Wind River Systems Inc. Unknown

Notified: November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Wirex Unknown

Notified: November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

XTRADIUS Unknown

Notified: November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Xi Graphics Unknown

Notified: November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

YARD RADIUS Unknown

Notified: November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

iPlanet Unknown

Notified: November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Acknowledgements

Internet Security Systems is credited for discovering this vulnerability.

This document was written by Ian A Finlay.

Other Information

CVE IDs: CVE-2002-1220
CERT Advisory: CA-2002-31
Severity Metric:
