Vulnerabilities > CVE-2001-0013 - Unspecified vulnerability in ISC Bind

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
isc
nessus
NVD
Published: 2001-02-12
Updated: 2024-11-20

Summary

Format string vulnerability in nslookupComplain function in BIND 4 allows remote attackers to gain root privileges.

Vulnerable Configurations

Part Description Count
Application
Isc
5

Nessus

NASL familyDNS
NASL idBIND_COVERT_OVERFLOWS.NASL
descriptionThe remote BIND server, according to its version number, is affected by various buffer overflow vulnerabilities that may allow an attacker to execute arbitrary code on the remote host.
last seen2020-06-01
modified2020-06-02
plugin id10605
published2001-01-29
reporterThis script is Copyright (C) 2001-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/10605
titleISC BIND < 4.9.8 / 8.2.3 Multiple Remote Overflows
code
#
# (C) Tenable Network Security, Inc.
#


include("compat.inc");

if (description)
{
 script_id(10605);
 script_version("1.29");
 script_cvs_date("Date: 2018/06/27 18:42:25");

 script_bugtraq_id(2302, 2307, 2309, 2321);
 script_cve_id("CVE-2001-0010", "CVE-2001-0011", "CVE-2001-0012", "CVE-2001-0013");
 
 script_name(english:"ISC BIND < 4.9.8 / 8.2.3 Multiple Remote Overflows");
 script_summary(english:"Checks the remote BIND version");
 
 script_set_attribute(attribute:"synopsis", value:
"It is possible to use the remote name server to break into the 
remote host." );
 script_set_attribute(attribute:"description", value:
"The remote BIND server, according to its version number, is affected
by various buffer overflow vulnerabilities that may allow an attacker
to execute arbitrary code on the remote host." );
 script_set_attribute(attribute:"solution", value:
"Upgrade to BIND 8.2.3 or 4.9.8" );
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
 script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"true");
 script_set_attribute(attribute:"exploited_by_malware", value:"true");
 script_set_attribute(attribute:"plugin_publication_date", value: "2001/01/29");
 script_set_attribute(attribute:"vuln_publication_date", value: "2001/01/29");
 script_set_attribute(attribute:"plugin_type", value:"remote");
 script_set_attribute(attribute:"cpe", value:"cpe:/a:isc:bind");
 script_end_attributes();

 script_category(ACT_GATHER_INFO);
 script_copyright(english:"This script is Copyright (C) 2001-2018 Tenable Network Security, Inc.");
 script_family(english: "DNS");
 script_dependencie("bind_version.nasl");
 script_require_keys("bind/version");
 exit(0);
}

vers = get_kb_item("bind/version");
if(!vers)exit(0);
if(ereg(string:vers,
	 pattern:"^8\.(([0-1].*)|(2\.[0-2])).*"))security_hole(53);

if(ereg(string:vers,
    	pattern:"^4\.([0-8]|9\.[0-7]([^0-9]|$)).*"))security_hole(53);

Redhat

advisories
rhsa
idRHSA-2001:007

References