High

CVE-2002-0029 - Unspecified vulnerability in multiple products

Publication: 2002-11-29
Summary

Buffer overflows in the DNS stub resolver library in ISC BIND 4.9.2 through 4.9.10, and other derived libraries such as BSD libc and GNU glibc, allow remote attackers to execute arbitrary code via DNS server responses that trigger the overflow in the (1) getnetbyname, or (2) getnetbyaddr functions, aka "LIBRESOLV: buffer overrun" and a different vulnerability than CVE-2002-0684.

Risk level (CVSS 7.5)

High

7.5

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confident. Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products

  • Astaro Security Linux 2.0.23
  • Astaro Security Linux 2.0.24
  • Astaro Security Linux 2.0.25
  • Astaro Security Linux 2.0.26
  • Astaro Security Linux 2.0.27
  • Astaro Security Linux 2.0.30
  • Astaro Security Linux 3.2.0
  • Astaro Security Linux 3.2.10
  • Astaro Security Linux 3.2.11
  • ISC Bind 4.9.2
  • ISC Bind 4.9.3
  • ISC Bind 4.9.4
  • ISC Bind 4.9.5
  • ISC Bind 4.9.6
  • ISC Bind 4.9.7
  • ISC Bind 4.9.8
  • ISC Bind 4.9.9
  • ISC Bind 4.9.10