Lucene search

[email protected]CVE-2002-2211

HistoryMay 23, 2006 - 4:00 p.m.

CVE-2002-2211

2006-05-2316:00:00

[email protected]

web.nvd.nist.gov

bind

dns

cache poisoning

vulnerability

cve-2002-2211

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

6.7 Medium

AI Score

Confidence

High

0.019 Low

EPSS

Percentile

88.8%

JSON

BIND 4 and BIND 8, when resolving recursive DNS queries for arbitrary hosts, allows remote attackers to conduct DNS cache poisoning via a birthday attack that uses a large number of open queries for the same resource record (RR) combined with spoofed responses, which increases the possibility of successfully spoofing a response in a way that is more efficient than brute force methods.

Affected configurations

NVD

Node

iscbindMatch4.9

iscbindMatch4.9.2

iscbindMatch4.9.3

iscbindMatch4.9.4

iscbindMatch4.9.5

iscbindMatch4.9.5p1

iscbindMatch4.9.6

iscbindMatch4.9.7

iscbindMatch4.9.8

iscbindMatch4.9.9

iscbindMatch4.9.10

iscbindMatch8.2

iscbindMatch8.2.1

iscbindMatch8.2.2

iscbindMatch8.2.2p1

iscbindMatch8.2.2p2

iscbindMatch8.2.2p3

iscbindMatch8.2.2p4

iscbindMatch8.2.2p5

iscbindMatch8.2.2p6

iscbindMatch8.2.2p7

iscbindMatch8.2.3

iscbindMatch8.2.4

iscbindMatch8.2.5

iscbindMatch8.2.6

iscbindMatch8.2.7

iscbindMatch8.3.0

iscbindMatch8.3.1

iscbindMatch8.3.2

iscbindMatch8.3.3

iscbindMatch8.3.4

CPENameOperatorVersion
isc:bindisc bindeq4.9
isc:bindisc bindeq4.9.2
isc:bindisc bindeq4.9.3
isc:bindisc bindeq4.9.4
isc:bindisc bindeq4.9.5
isc:bindisc bindeq4.9.6
isc:bindisc bindeq4.9.7
isc:bindisc bindeq4.9.8
isc:bindisc bindeq4.9.9
isc:bindisc bindeq4.9.10

CPE	Name	Operator	Version
isc:bind	isc bind	eq	4.9
isc:bind	isc bind	eq	4.9.2
isc:bind	isc bind	eq	4.9.3
isc:bind	isc bind	eq	4.9.4
isc:bind	isc bind	eq	4.9.5
isc:bind	isc bind	eq	4.9.6
isc:bind	isc bind	eq	4.9.7
isc:bind	isc bind	eq	4.9.8
isc:bind	isc bind	eq	4.9.9
isc:bind	isc bind	eq	4.9.10

Rows per page:

1-10 of 231

References

lists.apple.com/archives/Security-announce/2002/Nov/msg00000.html

secunia.com/advisories/20217

www.imconf.net/imw-2002/imw2002-papers/198.pdf

www.kb.cert.org/vuls/id/457875

www.kb.cert.org/vuls/id/IAFY-5FDPYP

www.kb.cert.org/vuls/id/IAFY-5FDT4U

www.kb.cert.org/vuls/id/IAFY-5FZSLQ

www.rnp.br/cais/alertas/2002/cais-ALR-19112002a.html

www.securityfocus.com/archive/1/434523/100/0/threaded

www.vupen.com/english/advisories/2006/1923

Social References

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

6.7 Medium

AI Score

Confidence

High

0.019 Low

EPSS

Percentile

88.8%

JSON

Related for CVE-2002-2211

debiancve1 cvelist1 nvd1 securityvulns1