ID CVE-1999-0849
Type cve
Reporter cve@mitre.org
Modified 2008-09-09T12:36:00
Description
Denial of service in BIND named via maxdname.
{"id": "CVE-1999-0849", "bulletinFamily": "NVD", "title": "CVE-1999-0849", "description": "Denial of service in BIND named via maxdname.", "published": "1999-11-10T05:00:00", "modified": "2008-09-09T12:36:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-1999-0849", "reporter": "cve@mitre.org", "references": ["http://www.securityfocus.com/bid/788", "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/194", "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-1999-034.1.txt"], "cvelist": ["CVE-1999-0849"], "type": "cve", "lastseen": "2021-02-02T05:19:01", "edition": 4, "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "osvdb", "idList": ["OSVDB:34749"]}, {"type": "nessus", "idList": ["BIND_VULNERABLE.NASL"]}], "modified": "2021-02-02T05:19:01", "rev": 2}, "score": {"value": 5.0, "vector": "NONE", "modified": "2021-02-02T05:19:01", "rev": 2}, "vulnersScore": 5.0}, "cpe": ["cpe:/a:isc:bind:4.9.6", "cpe:/a:isc:bind:8.1", "cpe:/a:isc:bind:8.2", "cpe:/a:isc:bind:4.9.5", "cpe:/a:isc:bind:8.2.1", "cpe:/a:isc:bind:4.9.7", "cpe:/a:isc:bind:8.1.1"], "affectedSoftware": [{"cpeName": "isc:bind", "name": "isc bind", "operator": "eq", "version": "8.1"}, {"cpeName": "isc:bind", "name": "isc bind", "operator": "eq", "version": "8.1.1"}, {"cpeName": "isc:bind", "name": "isc bind", "operator": "eq", "version": "8.2.1"}, {"cpeName": "isc:bind", "name": "isc bind", "operator": "eq", "version": "4.9.7"}, {"cpeName": "isc:bind", "name": "isc bind", "operator": "eq", "version": "4.9.5"}, {"cpeName": "isc:bind", "name": "isc bind", "operator": "eq", "version": "4.9.5"}, {"cpeName": "isc:bind", "name": "isc bind", "operator": "eq", "version": "4.9.6"}, {"cpeName": "isc:bind", "name": "isc bind", "operator": "eq", "version": "8.2"}, {"cpeName": "isc:bind", "name": "isc bind", "operator": "eq", "version": "8.2"}], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "cpe23": ["cpe:2.3:a:isc:bind:8.1:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:8.2:p1:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:8.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:8.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:4.9.5:p1:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:4.9.6:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:8.2:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:4.9.5:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:4.9.7:*:*:*:*:*:*:*"], "cwe": ["NVD-CWE-Other"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:isc:bind:4.9.7:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:isc:bind:8.1:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:isc:bind:8.1.1:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:isc:bind:8.2.1:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:isc:bind:8.2:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:isc:bind:4.9.5:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:isc:bind:4.9.6:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:isc:bind:4.9.5:p1:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:isc:bind:8.2:p1:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "788", "refsource": "BID", "tags": [], "url": "http://www.securityfocus.com/bid/788"}, {"name": "00194", "refsource": "SUN", "tags": [], "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/194"}, {"name": "CSSA-1999-034.1", "refsource": "CALDERA", "tags": [], "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-1999-034.1.txt"}]}
{"osvdb": [{"lastseen": "2017-04-28T13:20:30", "bulletinFamily": "software", "cvelist": ["CVE-1999-0849"], "description": "# No description provided by the source\n\n## References:\n[Related OSVDB ID: 34750](https://vulners.com/osvdb/OSVDB:34750)\nRedHat RHSA: RHSA-1999:054-01\nOther Advisory URL: ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-1999-034.1.txt\n[CVE-1999-0849](https://vulners.com/cve/CVE-1999-0849)\nBugtraq ID: 788\n", "edition": 1, "modified": "1999-11-11T14:28:57", "published": "1999-11-11T14:28:57", "href": "https://vulners.com/osvdb/OSVDB:34749", "id": "OSVDB:34749", "title": "ISC BIND named maxdname DoS", "type": "osvdb", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "nessus": [{"lastseen": "2021-03-01T01:25:27", "description": "The remote BIND server, according to its version number, is vulnerable to \nseveral attacks that could allow an attacker to execute arbitrary code on \nthe remote host.", "edition": 25, "published": "1999-11-11T00:00:00", "title": "ISC BIND < 4.9.7-REL / 8.2.2-P5 Multiple Remote Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-1999-0851", "CVE-1999-0833", "CVE-1999-0837", "CVE-1999-0835", "CVE-1999-0849", "CVE-1999-0848"], "modified": "2021-03-02T00:00:00", "cpe": ["cpe:/a:isc:bind"], "id": "BIND_VULNERABLE.NASL", "href": "https://www.tenable.com/plugins/nessus/10029", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(10029);\n script_version(\"1.37\");\n script_cvs_date(\"Date: 2018/06/27 18:42:25\");\n\n script_cve_id(\"CVE-1999-0833\", \"CVE-1999-0835\", \"CVE-1999-0837\", \"CVE-1999-0848\", \"CVE-1999-0849\", \"CVE-1999-0851\");\n script_bugtraq_id(788);\n script_xref(name:\"CERT-CC\", value:\"CA-1999-14\");\n \n script_name(english:\"ISC BIND < 4.9.7-REL / 8.2.2-P5 Multiple Remote Vulnerabilities\");\n script_summary(english:\"Checks the remote BIND version\");\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"It is possible to use the remote name server to execute arbitrary code on\nthe remote host.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote BIND server, according to its version number, is vulnerable to \nseveral attacks that could allow an attacker to execute arbitrary code on \nthe remote host.\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to BIND 8.2.2-P5 / 4.9.7-REL.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"1999/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"1999/11/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:isc:bind\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 1999-2018 Tenable Network Security, Inc.\");\n script_family(english:\"DNS\");\n script_dependencie(\"bind_version.nasl\");\n script_require_keys(\"bind/version\");\n exit(0);\n}\n\nvers = string(get_kb_item(\"bind/version\"));\nif(!vers)exit(0);\n\nif(vers[0] == \"4\") \n{ \n if(ereg(string:vers, pattern:\"^4\\.([0-8]\\..*|9\\.[0-6]([^0-9]|$))\"))\n {\n security_hole(53);\n exit(0);\n }\n}\nelse\n if(ereg(string:vers, pattern:\"^8\\.([01]\\..*|2\\.([01].*|2-P[0-2]))\"))\n \tsecurity_hole(53);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}
