Vulnerabilities > CVE-2002-2213 - Remote Security vulnerability in BIND

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

low complexity

infoblox

isc

NVD

Published: 2002-12-31

Updated: 2008-09-05

Summary

The DNS resolver in unspecified versions of Infoblox DNS One, when resolving recursive DNS queries for arbitrary hosts, allows remote attackers to conduct DNS cache poisoning via a birthday attack that uses a large number of open queries for the same resource record (RR) combined with spoofed responses, which increases the possibility of successfully spoofing a response in a way that is more efficient than brute force methods.

Vulnerable Configurations

Part	Description	Count
Application	Infoblox Infoblox DNS ONE *	1
Application	Isc ISC Bind 4.9 ISC Bind 4.9.2 ISC Bind 4.9.3 ISC Bind 4.9.4 ISC Bind 4.9.5 ISC Bind 4.9.6 ISC Bind 4.9.7 ISC Bind 4.9.8 ISC Bind 4.9.9 ISC Bind 4.9.10 ISC Bind 8.2 ISC Bind 8.2.1 ISC Bind 8.2.2 ISC Bind 8.2.3 ISC Bind 8.2.4 ISC Bind 8.2.5 ISC Bind 8.2.6 ISC Bind 8.2.7 ISC Bind 8.3.0 ISC Bind 8.3.1 ISC Bind 8.3.2 ISC Bind 8.3.3 ISC Bind 8.3.4	31

Summary

Vulnerable Configurations

References