5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.034 Low
EPSS
Percentile
91.5%
A vulnerability in the BIND name server could allow a remote attacker to cause a denial of service against an affected system.
The Berkeley Internet Name Domain (BIND) is a popular Domain Name System (DNS) implementation from Internet Systems Consortium (ISC). A buffer overflow error exists in the handling of the q_usedns
array used by the server to track nameservers and addresses that have been queried. This vulnerability only affects BIND versions 8.4.4 and 8.4.5.
A remote attacker may be able to cause the name server daemon to crash, thereby causing a denial of service for DNS operations.
Apply a patch from the vendor
Patches have been released in response to this issue. Please see the Systems Affected section of this document.
Upgrade
Users who compile their own versions of BIND from the original ISC source code are encouraged to upgrade to BIND version 8.4.6 which includes a patch for this issue.
Workarounds
ISC recommends that users who are unable to apply the patch disable recursion and glue fetching.
327633
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Notified: January 17, 2005 Updated: January 25, 2005
Affected
It seems that Debian stable is not vulnerable to either vulnerability and Debian testing/unstable is only vulnerable to CAN-2005-033 (VU#327633). The versions included are too old and the vulnerability does not seem to be present in the older versions indeed.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23327633 Feedback>).
Updated: January 25, 2005
Affected
Workaround:
Disable recursion and glue fetching.
Fix:
Upgrade to BIND 8.4.6
<http://www.isc.org/sw/bind/>
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23327633 Feedback>).
Notified: January 17, 2005 Updated: March 18, 2005
Not Affected
Mac OS X 10.2, Mac OS X Server 10.2, and later do not contain this issue as the DNS packages distributed are not susceptible to the vulnerability described in this advisory.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23327633 Feedback>).
Notified: January 17, 2005 Updated: January 24, 2005
Not Affected
Check Point products are not vulnerable to these issues.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23327633 Feedback>).
Notified: January 17, 2005 Updated: January 20, 2005
Not Affected
NOT VULNERABLE Hitachi HI-UX/WE2 is NOT Vulnerable to this issue.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23327633 Feedback>).
Notified: January 17, 2005 Updated: January 24, 2005
Not Affected
The AIX Operating System is not vulnerable to the issues discussed in CERT Vulnerability Notes VU#938617, VU#327633 or any Technical Cyber Security Alerts related to these issues.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23327633 Feedback>).
Notified: January 17, 2005 Updated: January 24, 2005
Not Affected
Juniper Networks products are not susceptible to this vulnerability
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23327633 Feedback>).
Notified: January 17, 2005 Updated: January 31, 2005
Not Affected
Mandrakesoft has fixed VU#938617 in advisory MDKSA-2005:023. We do not
ship any products with BIND 8 so are not vulnerable to VU#327633.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23327633 Feedback>).
Notified: January 17, 2005 Updated: March 18, 2005
Not Affected
* NEC products are NOT susceptible to this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23327633 Feedback>).
Notified: January 17, 2005 Updated: January 18, 2005
Not Affected
Red Hat Enterprise Linux ships with a BIND package, however we have verified
that the versions included in Red Hat Enterprise Linux are not vulnerable to
these issues.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23327633 Feedback>).
Notified: January 17, 2005 Updated: January 24, 2005
Not Affected
Sun is not affected by either of these vulnerabilities. No version of
Solaris ships with any of the affected versions of BIND and the Sun Java
Desktop System (Linux) doesn't ship an affected version of BIND either.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23327633 Feedback>).
Notified: January 17, 2005 Updated: January 17, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23327633 Feedback>).
Notified: January 17, 2005 Updated: January 17, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23327633 Feedback>).
Notified: January 17, 2005 Updated: January 17, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23327633 Feedback>).
Notified: January 17, 2005 Updated: January 17, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23327633 Feedback>).
Notified: January 17, 2005 Updated: January 17, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23327633 Feedback>).
Notified: January 17, 2005 Updated: January 17, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23327633 Feedback>).
Notified: January 17, 2005 Updated: January 17, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23327633 Feedback>).
Notified: January 17, 2005 Updated: January 17, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23327633 Feedback>).
Notified: January 17, 2005 Updated: January 17, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23327633 Feedback>).
Notified: January 17, 2005 Updated: January 17, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23327633 Feedback>).
Notified: January 17, 2005 Updated: January 17, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23327633 Feedback>).
Notified: January 17, 2005 Updated: February 01, 2005
Unknown
`For information related to this and other published CERT
Advisories that may relate to the IBM eServer Platforms (xSeries,
iSeries, pSeries, and zSeries) please go to
[https://app-06.www.ibm.com/servers/resourcelink/lib03020.nsf/pages/securityalerts?OpenDocument&pathID=](<https://app-06.www.ibm.com/servers/resourcelink/lib03020.nsf/pages/securityalerts?OpenDocument&pathID=>)
In order to access this information you will require a Resource Link ID.
To subscribe to Resource Link go to
<http://app-06.www.ibm.com/servers/resourcelink>
and follow the steps for registration.
All questions should be refferred to [email protected].`
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23327633 Feedback>).
Notified: January 17, 2005 Updated: January 17, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23327633 Feedback>).
Notified: January 17, 2005 Updated: January 17, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23327633 Feedback>).
Notified: February 04, 2005 Updated: February 04, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23327633 Feedback>).
Notified: January 17, 2005 Updated: January 17, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23327633 Feedback>).
Notified: January 17, 2005 Updated: January 17, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23327633 Feedback>).
Notified: January 17, 2005 Updated: January 17, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23327633 Feedback>).
Notified: January 17, 2005 Updated: January 17, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23327633 Feedback>).
Notified: January 17, 2005 Updated: January 17, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23327633 Feedback>).
Notified: January 17, 2005 Updated: January 17, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23327633 Feedback>).
Notified: January 17, 2005 Updated: January 17, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23327633 Feedback>).
Notified: January 17, 2005 Updated: January 17, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23327633 Feedback>).
Notified: January 17, 2005 Updated: January 17, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23327633 Feedback>).
Notified: January 17, 2005 Updated: January 17, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23327633 Feedback>).
Notified: January 17, 2005 Updated: January 17, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23327633 Feedback>).
Notified: January 17, 2005 Updated: January 17, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23327633 Feedback>).
Notified: January 17, 2005 Updated: January 17, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23327633 Feedback>).
Notified: January 17, 2005 Updated: January 17, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23327633 Feedback>).
Notified: January 17, 2005 Updated: January 17, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23327633 Feedback>).
Notified: January 17, 2005 Updated: January 17, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23327633 Feedback>).
Notified: January 17, 2005 Updated: January 17, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23327633 Feedback>).
Notified: January 17, 2005 Updated: January 17, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23327633 Feedback>).
Notified: January 17, 2005 Updated: January 17, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23327633 Feedback>).
Notified: January 17, 2005 Updated: January 17, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23327633 Feedback>).
Notified: January 17, 2005 Updated: January 17, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23327633 Feedback>).
View all 47 vendors __View less vendors __
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
Thanks to Joao Damas of the Internet Systems Consortium for reporting this vulnerability.
This document was written by Chad Dougherty based on information provided by ISC.
CVE IDs: | CVE-2005-0033 |
---|---|
Severity Metric: | 1.91 Date Public: |