5

CVE-2002-2211

BIND 4 and BIND 8, when resolving recursive DNS queries for arbitrary hosts, allows remote attackers to conduct DNS cache poisoning via a birthday attack that uses a large number of open queries for the same resource record (RR) combined with spoofed responses, which increases the possibility of successfully spoofing a response in a way that is more efficient than brute force methods.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IscBind Version4.9
IscBind Version4.9.2
IscBind Version4.9.3
IscBind Version4.9.4
IscBind Version4.9.5
IscBind Version4.9.5 Updatep1
IscBind Version4.9.6
IscBind Version4.9.7
IscBind Version4.9.8
IscBind Version4.9.9
IscBind Version4.9.10
IscBind Version8.2
IscBind Version8.2.1
IscBind Version8.2.2
IscBind Version8.2.2 Updatep1
IscBind Version8.2.2 Updatep2
IscBind Version8.2.2 Updatep3
IscBind Version8.2.2 Updatep4
IscBind Version8.2.2 Updatep5
IscBind Version8.2.2 Updatep6
IscBind Version8.2.2 Updatep7
IscBind Version8.2.3
IscBind Version8.2.4
IscBind Version8.2.5
IscBind Version8.2.6
IscBind Version8.2.7
IscBind Version8.3.0
IscBind Version8.3.1
IscBind Version8.3.2
IscBind Version8.3.3
IscBind Version8.3.4
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 8.31% 0.942
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://lists.apple.com/archives/Security-announce/2002/Nov/msg00000.html
http://secunia.com/advisories/20217
Vendor Advisory
http://www.imconf.net/imw-2002/imw2002-papers/198.pdf
http://www.kb.cert.org/vuls/id/457875
US Government Resource
http://www.kb.cert.org/vuls/id/IAFY-5FDPYP
http://www.kb.cert.org/vuls/id/IAFY-5FDT4U
http://www.kb.cert.org/vuls/id/IAFY-5FZSLQ
http://www.rnp.br/cais/alertas/2002/cais-ALR-19112002a.html
Patch
http://www.securityfocus.com/archive/1/434523/100/0/threaded
http://www.vupen.com/english/advisories/2006/1923