CVE-2002-0684 - Remote Security vulnerability in glibc

CVSS 7.5 - HIGH

Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL

Tags: network, low complexity, gnu, isc, nessus

Summary

Buffer overflow in DNS resolver functions that perform lookup of network names and addresses, as used in BIND 4.9.8 and ported to glibc 2.2.5 and earlier, allows remote malicious DNS servers to execute arbitrary code through a subroutine used by functions such as getnetbyname and getnetbyaddr.

Nessus

  • NASL family: DNS
    NASL id: BIND9_OVERFLOW.NASL
    description: The remote BIND 9 DNS server, according to its version number, is vulnerable to a buffer overflow which may allow an attacker to gain a shell on this host or to disable this server.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 11318
    published: 2003-03-04
    reporter: This script is Copyright (C) 2003-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/11318
    title: ISC BIND < 9.2.2 DNS Resolver Functions Remote Overflow
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    # Ref: 
    # https://www.isc.org/downloads/bind/
    # https://archive.cert.uni-stuttgart.de/bugtraq/2003/03/msg00075.html
    # 
    
    include("compat.inc");
    
    if (description)
    {
     script_id(11318);
     script_version ("1.26");
     script_cvs_date("Date: 2018/11/15 20:50:21");
    
     script_cve_id("CVE-2002-0684");
     script_xref(name:"CERT-CC", value:"CA-2002-19");
     script_xref(name:"CERT", value:"542971");
    
     script_name(english:"ISC BIND < 9.2.2 DNS Resolver Functions Remote Overflow");
     script_summary(english:"Checks the remote BIND version");
     
     script_set_attribute(attribute:"synopsis", value:
    "It is possible to use the remote name server to break into the
    remote host.");
     script_set_attribute(attribute:"description", value:
    "The remote BIND 9 DNS server, according to its version number, is 
    vulnerable to a buffer overflow which may allow an attacker to 
    gain a shell on this host or to disable this server.");
     script_set_attribute(attribute:"solution", value:"Upgrade to BIND 9.2.2 or downgrade to the 8.x series");
     script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
     script_set_attribute(attribute:"see_also", value:"https://www.isc.org/downloads/bind/");
     script_set_attribute(attribute:"see_also", value:"https://archive.cert.uni-stuttgart.de/bugtraq/2003/03/msg00075.html");
    
     script_set_attribute(attribute:"vuln_publication_date", value:"2002/07/04");
     script_set_attribute(attribute:"plugin_publication_date", value:"2003/03/04");
    
     script_set_attribute(attribute:"plugin_type", value:"remote");
     script_set_attribute(attribute:"cpe", value:"cpe:/a:isc:bind");
     script_end_attributes();
     
     script_category(ACT_GATHER_INFO);
     script_copyright(english:"This script is Copyright (C) 2003-2018 Tenable Network Security, Inc.");
     script_family(english: "DNS");
     script_dependencie("bind_version.nasl");
     script_require_keys("bind/version");
     exit(0);
    }
    
    
    vers = get_kb_item("bind/version");
    if(!vers)exit(0);
    
    if(ereg(string:vers, pattern:"^9\.[01]\..*"))
    {
     security_hole(53);
     exit(0);
    }
    
    if(ereg(string:vers, pattern:"^9\.2\.([0-1][^0-9]*|2rc.*)$"))
    {
     security_hole(53);
     exit(0);
    }
    
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRAKE_MDKSA-2002-050.NASL
    description: A buffer overflow vulnerability was found in the way that the glibc resolver handles the resolution of network names and addresses via DNS in glibc versions 2.2.5 and earlier. Only systems using the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 13953
    published: 2004-07-31
    reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/13953
    title: Mandrake Linux Security Advisory : glibc (MDKSA-2002:050)
    code:
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandrake Linux Security Advisory MDKSA-2002:050. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(13953);
      script_version ("1.16");
      script_cvs_date("Date: 2019/08/02 13:32:46");
    
      script_cve_id("CVE-2002-0651", "CVE-2002-0684");
      script_xref(name:"MDKSA", value:"2002:050");
    
      script_name(english:"Mandrake Linux Security Advisory : glibc (MDKSA-2002:050)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandrake Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "A buffer overflow vulnerability was found in the way that the glibc
    resolver handles the resolution of network names and addresses via DNS
    in glibc versions 2.2.5 and earlier. Only systems using the 'dns'
    entry in the 'networks' database in /etc/nsswitch.conf are vulnerable
    to this issue. By default, Mandrake Linux has this database set to
    'files' and is not vulnerable. Likewise, a similar bug is in the
    glibc-compat packages which provide compatibility for programs
    compiled against 2.0.x versions of glibc."
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:glibc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:glibc-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:glibc-profile");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:ldconfig");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:nscd");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:7.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:7.2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2002/08/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/31");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandrake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"MDK7.1", cpu:"i386", reference:"glibc-2.1.3-20.1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK7.1", cpu:"i386", reference:"glibc-devel-2.1.3-20.1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK7.1", cpu:"i386", reference:"glibc-profile-2.1.3-20.1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK7.1", cpu:"i386", reference:"nscd-2.1.3-20.1mdk", yank:"mdk")) flag++;
    
    if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"glibc-2.1.3-20.2mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"glibc-devel-2.1.3-20.2mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"glibc-profile-2.1.3-20.2mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"nscd-2.1.3-20.2mdk", yank:"mdk")) flag++;
    
    if (rpm_check(release:"MDK8.0", cpu:"i386", reference:"glibc-2.2.2-7.1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK8.0", cpu:"i386", reference:"glibc-devel-2.2.2-7.1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK8.0", cpu:"i386", reference:"glibc-profile-2.2.2-7.1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK8.0", cpu:"i386", reference:"ldconfig-2.2.2-7.1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK8.0", cpu:"i386", reference:"nscd-2.2.2-7.1mdk", yank:"mdk")) flag++;
    
    if (rpm_check(release:"MDK8.1", cpu:"i386", reference:"glibc-2.2.4-10.1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK8.1", cpu:"i386", reference:"glibc-devel-2.2.4-10.1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK8.1", cpu:"i386", reference:"glibc-profile-2.2.4-10.1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK8.1", cpu:"i386", reference:"ldconfig-2.2.4-10.1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK8.1", cpu:"i386", reference:"nscd-2.2.4-10.1mdk", yank:"mdk")) flag++;
    
    if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"glibc-2.2.4-25.1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"glibc-devel-2.2.4-25.1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"glibc-profile-2.2.4-25.1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"ldconfig-2.2.4-25.1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"nscd-2.2.4-25.1mdk", yank:"mdk")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: DNS
    NASL id: BIND_RESOLVER_OVERFLOW.NASL
    description: The remote BIND server, according to its version number, is vulnerable to a remote buffer overflow within its resolver code. An attacker may be able to execute arbitrary code by having the remote DNS server make a request and send back a malicious DNS response with an invalid length field.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 11510
    published: 2003-04-03
    reporter: This script is Copyright (C) 2003-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/11510
    title: ISC BIND < 4.9.5 DNS Resolver Functions Remote Overflow
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2002-167.NASL
    description: Updated glibc packages are available which fix a buffer overflow in the XDR decoder and two vulnerabilities in the resolver functions. [updated 8 aug 2002] Updated packages have been made available, as the original errata introduced a bug which could cause calloc() to crash on 32-bit platforms when passed a size of 0. These updated errata packages contain a patch to correct this bug. The glibc package contains standard libraries which are used by multiple programs on the system. Sun RPC is a remote procedure call framework which allows clients to invoke procedures in a server process over a network. XDR is a mechanism for encoding data structures for use with RPC. NFS, NIS, and other network services that are built upon Sun RPC. The glibc package contains an XDR encoder/decoder derived from Sun
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 12318
    published: 2004-07-06
    reporter: This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/12318
    title: RHEL 2.1 : glibc (RHSA-2002:167)

Redhat

advisories

  • rhsa id: RHSA-2002:139