Vulnerabilities > CVE-2002-0684
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
Summary
Buffer overflow in DNS resolver functions that perform lookup of network names and addresses, as used in BIND 4.9.8 and ported to glibc 2.2.5 and earlier, allows remote malicious DNS servers to execute arbitrary code through a subroutine used by functions such as getnetbyname and getnetbyaddr.
Vulnerable Configurations
Nessus
- NASL family: DNS
- NASL id: BIND9_OVERFLOW.NASL
- description: The remote BIND 9 DNS server, according to its version number, is vulnerable to a buffer overflow which may allow an attacker to gain a shell on this host or to disable this server.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 11318
- published: 2003-03-04
- reporter: This script is Copyright (C) 2003-2018 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/11318
- title: ISC BIND < 9.2.2 DNS Resolver Functions Remote Overflow
- code:

```
#
# (C) Tenable Network Security, Inc.
#
# Ref:
#  https://www.isc.org/downloads/bind/
#  https://archive.cert.uni-stuttgart.de/bugtraq/2003/03/msg00075.html
#

include("compat.inc");

if (description)
{
  script_id(11318);
  script_version ("1.26");
  script_cvs_date("Date: 2018/11/15 20:50:21");

  script_cve_id("CVE-2002-0684");
  script_xref(name:"CERT-CC", value:"CA-2002-19");
  script_xref(name:"CERT", value:"542971");

  script_name(english:"ISC BIND < 9.2.2 DNS Resolver Functions Remote Overflow");
  script_summary(english:"Checks the remote BIND version");

  script_set_attribute(attribute:"synopsis", value:
"It is possible to use the remote name server to break into the
remote host.");
  script_set_attribute(attribute:"description", value:
"The remote BIND 9 DNS server, according to its version number, is
vulnerable to a buffer overflow which may allow an attacker to gain
a shell on this host or to disable this server.");
  script_set_attribute(attribute:"solution", value:"Upgrade to BIND 9.2.2 or downgrade to the 8.x series");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_attribute(attribute:"see_also", value:"https://www.isc.org/downloads/bind/");
  script_set_attribute(attribute:"see_also", value:"https://archive.cert.uni-stuttgart.de/bugtraq/2003/03/msg00075.html");
  script_set_attribute(attribute:"vuln_publication_date", value:"2002/07/04");
  script_set_attribute(attribute:"plugin_publication_date", value:"2003/03/04");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:isc:bind");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2003-2018 Tenable Network Security, Inc.");
  script_family(english: "DNS");
  script_dependencie("bind_version.nasl");
  script_require_keys("bind/version");
  exit(0);
}

vers = get_kb_item("bind/version");
if(!vers)exit(0);

if(ereg(string:vers, pattern:"^9\.[01]\..*"))
{
  security_hole(53);
  exit(0);
}

if(ereg(string:vers, pattern:"^9\.2\.([0-1][^0-9]*|2rc.*)$"))
{
  security_hole(53);
  exit(0);
}
```
- NASL family: Mandriva Local Security Checks
- NASL id: MANDRAKE_MDKSA-2002-050.NASL
- description: A buffer overflow vulnerability was found in the way that the glibc resolver handles the resolution of network names and addresses via DNS in glibc versions 2.2.5 and earlier. Only systems using the
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 13953
- published: 2004-07-31
- reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/13953
- title: Mandrake Linux Security Advisory : glibc (MDKSA-2002:050)
- code:

```
#%NASL_MIN_LEVEL 80502

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Mandrake Linux Security Advisory MDKSA-2002:050.
# The text itself is copyright (C) Mandriva S.A.
#

include("compat.inc");

if (description)
{
  script_id(13953);
  script_version ("1.16");
  script_cvs_date("Date: 2019/08/02 13:32:46");

  script_cve_id("CVE-2002-0651", "CVE-2002-0684");
  script_xref(name:"MDKSA", value:"2002:050");

  script_name(english:"Mandrake Linux Security Advisory : glibc (MDKSA-2002:050)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Mandrake Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"A buffer overflow vulnerability was found in the way that the glibc
resolver handles the resolution of network names and addresses via DNS
in glibc versions 2.2.5 and earlier. Only systems using the 'dns'
entry in the 'networks' database in /etc/nsswitch.conf are vulnerable
to this issue. By default, Mandrake Linux has this database set to
'files' and is not vulnerable. Likewise, a similar bug is in the
glibc-compat packages which provide compatability for programs
compiled against 2.0.x versions of glibc."
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:glibc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:glibc-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:glibc-profile");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:ldconfig");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:nscd");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:7.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:7.2");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.2");

  script_set_attribute(attribute:"patch_publication_date", value:"2002/08/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/31");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);

flag = 0;
if (rpm_check(release:"MDK7.1", cpu:"i386", reference:"glibc-2.1.3-20.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK7.1", cpu:"i386", reference:"glibc-devel-2.1.3-20.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK7.1", cpu:"i386", reference:"glibc-profile-2.1.3-20.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK7.1", cpu:"i386", reference:"nscd-2.1.3-20.1mdk", yank:"mdk")) flag++;

if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"glibc-2.1.3-20.2mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"glibc-devel-2.1.3-20.2mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"glibc-profile-2.1.3-20.2mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"nscd-2.1.3-20.2mdk", yank:"mdk")) flag++;

if (rpm_check(release:"MDK8.0", cpu:"i386", reference:"glibc-2.2.2-7.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.0", cpu:"i386", reference:"glibc-devel-2.2.2-7.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.0", cpu:"i386", reference:"glibc-profile-2.2.2-7.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.0", cpu:"i386", reference:"ldconfig-2.2.2-7.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.0", cpu:"i386", reference:"nscd-2.2.2-7.1mdk", yank:"mdk")) flag++;

if (rpm_check(release:"MDK8.1", cpu:"i386", reference:"glibc-2.2.4-10.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.1", cpu:"i386", reference:"glibc-devel-2.2.4-10.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.1", cpu:"i386", reference:"glibc-profile-2.2.4-10.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.1", cpu:"i386", reference:"ldconfig-2.2.4-10.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.1", cpu:"i386", reference:"nscd-2.2.4-10.1mdk", yank:"mdk")) flag++;

if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"glibc-2.2.4-25.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"glibc-devel-2.2.4-25.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"glibc-profile-2.2.4-25.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"ldconfig-2.2.4-25.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"nscd-2.2.4-25.1mdk", yank:"mdk")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
```
- NASL family: DNS
- NASL id: BIND_RESOLVER_OVERFLOW.NASL
- description: The remote BIND server, according to its version number, is vulnerable to a remote buffer overflow within its resolver code. An attacker may be able to execute arbitrary code by having the remote DNS server make a request and send back a malicious DNS response with an invalid length field.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 11510
- published: 2003-04-03
- reporter: This script is Copyright (C) 2003-2018 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/11510
- title: ISC BIND < 4.9.5 DNS Resolver Functions Remote Overflow

- NASL family: Red Hat Local Security Checks
- NASL id: REDHAT-RHSA-2002-167.NASL
- description: Updated glibc packages are available which fix a buffer overflow in the XDR decoder and two vulnerabilities in the resolver functions. [updated 8 aug 2002] Updated packages have been made available, as the original errata introduced a bug which could cause calloc() to crash on 32-bit platforms when passed a size of 0. These updated errata packages contain a patch to correct this bug. The glibc package contains standard libraries which are used by multiple programs on the system. Sun RPC is a remote procedure call framework which allows clients to invoke procedures in a server process over a network. XDR is a mechanism for encoding data structures for use with RPC. NFS, NIS, and other network services that are built upon Sun RPC. The glibc package contains an XDR encoder/decoder derived from Sun
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 12318
- published: 2004-07-06
- reporter: This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/12318
- title: RHEL 2.1 : glibc (RHSA-2002:167)
References
- http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000507
- http://marc.info/?l=bugtraq&m=102581482511612&w=2
- http://rhn.redhat.com/errata/RHSA-2002-139.html
- http://www.kb.cert.org/vuls/id/542971
- http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-050.php