Lucene search

MitreCVE-2002-2213

HistoryMay 23, 2006 - 4:00 p.m.

CVE-2002-2213

2006-05-2316:00:00

mitre

web.nvd.nist.gov

dns resolver

infoblox dns one

remote attackers

cache poisoning

birthday attack

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.8

Confidence

High

EPSS

0.006

Percentile

78.9%

JSON

The DNS resolver in unspecified versions of Infoblox DNS One, when resolving recursive DNS queries for arbitrary hosts, allows remote attackers to conduct DNS cache poisoning via a birthday attack that uses a large number of open queries for the same resource record (RR) combined with spoofed responses, which increases the possibility of successfully spoofing a response in a way that is more efficient than brute force methods.

Affected configurations

Nvd

Node

infobloxdns_one

iscbindMatch4.9

iscbindMatch4.9.2

iscbindMatch4.9.3

iscbindMatch4.9.4

iscbindMatch4.9.5

iscbindMatch4.9.5p1

iscbindMatch4.9.6

iscbindMatch4.9.7

iscbindMatch4.9.8

iscbindMatch4.9.9

iscbindMatch4.9.10

iscbindMatch8.2

iscbindMatch8.2.1

iscbindMatch8.2.2

iscbindMatch8.2.2p1

iscbindMatch8.2.2p2

iscbindMatch8.2.2p3

iscbindMatch8.2.2p4

iscbindMatch8.2.2p5

iscbindMatch8.2.2p6

iscbindMatch8.2.2p7

iscbindMatch8.2.3

iscbindMatch8.2.4

iscbindMatch8.2.5

iscbindMatch8.2.6

iscbindMatch8.2.7

iscbindMatch8.3.0

iscbindMatch8.3.1

iscbindMatch8.3.2

iscbindMatch8.3.3

iscbindMatch8.3.4

VendorProductVersionCPE
infobloxdns_one*cpe:2.3:a:infoblox:dns_one:*:*:*:*:*:*:*:*
iscbind4.9cpe:2.3:a:isc:bind:4.9:*:*:*:*:*:*:*
iscbind4.9.2cpe:2.3:a:isc:bind:4.9.2:*:*:*:*:*:*:*
iscbind4.9.3cpe:2.3:a:isc:bind:4.9.3:*:*:*:*:*:*:*
iscbind4.9.4cpe:2.3:a:isc:bind:4.9.4:*:*:*:*:*:*:*
iscbind4.9.5cpe:2.3:a:isc:bind:4.9.5:*:*:*:*:*:*:*
iscbind4.9.5cpe:2.3:a:isc:bind:4.9.5:p1:*:*:*:*:*:*
iscbind4.9.6cpe:2.3:a:isc:bind:4.9.6:*:*:*:*:*:*:*
iscbind4.9.7cpe:2.3:a:isc:bind:4.9.7:*:*:*:*:*:*:*
iscbind4.9.8cpe:2.3:a:isc:bind:4.9.8:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
infoblox	dns_one	*	cpe:2.3:a:infoblox:dns_one::::::::
isc	bind	4.9	cpe:2.3:a:isc:bind:4.9:::::::*
isc	bind	4.9.2	cpe:2.3:a:isc:bind:4.9.2:::::::*
isc	bind	4.9.3	cpe:2.3:a:isc:bind:4.9.3:::::::*
isc	bind	4.9.4	cpe:2.3:a:isc:bind:4.9.4:::::::*
isc	bind	4.9.5	cpe:2.3:a:isc:bind:4.9.5:::::::*
isc	bind	4.9.5	cpe:2.3:a:isc:bind:4.9.5:p1::::::
isc	bind	4.9.6	cpe:2.3:a:isc:bind:4.9.6:::::::*
isc	bind	4.9.7	cpe:2.3:a:isc:bind:4.9.7:::::::*
isc	bind	4.9.8	cpe:2.3:a:isc:bind:4.9.8:::::::*

Rows per page:

1-10 of 321

References

www.imconf.net/imw-2002/imw2002-papers/198.pdf

www.kb.cert.org/vuls/id/457875

www.kb.cert.org/vuls/id/IAFY-5FDPYJ

www.rnp.br/cais/alertas/2002/cais-ALR-19112002a.html

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.8

Confidence

High

EPSS

0.006

Percentile

78.9%

JSON

Related for CVE-2002-2213