Vulnerability Details : CVE-2002-0029
Buffer overflows in the DNS stub resolver library in ISC BIND 4.9.2 through 4.9.10, and other derived libraries such as BSD libc and GNU glibc, allow remote attackers to execute arbitrary code via DNS server responses that trigger the overflow in the (1) getnetbyname, or (2) getnetbyaddr functions, aka "LIBRESOLV: buffer overrun" and a different vulnerability than CVE-2002-0684.
Vulnerability category: OverflowExecute code
Products affected by CVE-2002-0029
- cpe:2.3:a:isc:bind:4.9.6:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:4.9.5:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:4.9.7:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:4.9.3:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:4.9.2:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:4.9.4:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:4.9.10:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:4.9.8:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:4.9.9:*:*:*:*:*:*:*
- cpe:2.3:o:astaro:security_linux:2.0.23:*:*:*:*:*:*:*
- cpe:2.3:o:astaro:security_linux:2.0.25:*:*:*:*:*:*:*
- cpe:2.3:o:astaro:security_linux:2.0.26:*:*:*:*:*:*:*
- cpe:2.3:o:astaro:security_linux:2.0.27:*:*:*:*:*:*:*
- cpe:2.3:o:astaro:security_linux:2.0.30:*:*:*:*:*:*:*
- cpe:2.3:o:astaro:security_linux:3.2.0:*:*:*:*:*:*:*
- cpe:2.3:o:astaro:security_linux:3.2.10:*:*:*:*:*:*:*
- cpe:2.3:o:astaro:security_linux:2.0.24:*:*:*:*:*:*:*
- cpe:2.3:o:astaro:security_linux:3.2.11:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2002-0029
93.62%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 99 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2002-0029
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
References for CVE-2002-0029
-
ftp://patches.sgi.com/support/free/security/advisories/20021201-01-P
-
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-028.txt.asc
-
http://www.isc.org/products/BIND/bind-security.html
Patch;Vendor Advisory
-
http://www.securityfocus.com/bid/6186
-
http://www.cert.org/advisories/CA-2002-31.html
Patch;Third Party Advisory;US Government Resource
-
http://www.kb.cert.org/vuls/id/844360
US Government Resource
-
http://lists.apple.com/archives/Security-announce/2002/Nov/msg00000.html
-
http://www.iss.net/security_center/static/10624.php
Vendor Advisory
Jump to