CVE-2002-0029

Published: Nov 29, 2002Modified: Apr 16, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

Buffer overflows in the DNS stub resolver library in ISC BIND 4.9.2 through 4.9.10, and other derived libraries such as BSD libc and GNU glibc, allow remote attackers to execute arbitrary code via DNS server responses that trigger the overflow in the (1) getnetbyname, or (2) getnetbyaddr functions, aka "LIBRESOLV: buffer overrun" and a different vulnerability than CVE-2002-0684.

Affected (18)

Products: Isc: Bind · Astaro: Security Linux

1 product

1 product

Configuration A

9 vulnerable

Vulnerable Software	Affected Versions
Isc Bind	Version 4.9.10
Isc Bind	Version 4.9.2
Isc Bind	Version 4.9.3
Isc Bind	Version 4.9.4
Isc Bind	Version 4.9.5
Isc Bind	Version 4.9.6
Isc Bind	Version 4.9.7
Isc Bind	Version 4.9.8
Isc Bind	Version 4.9.9

Configuration B

9 vulnerable

Vulnerable Software	Affected Versions
Astaro Security Linux	Version 2.0.23
Astaro Security Linux	Version 2.0.24
Astaro Security Linux	Version 2.0.25
Astaro Security Linux	Version 2.0.26
Astaro Security Linux	Version 2.0.27
Astaro Security Linux	Version 2.0.30
Astaro Security Linux	Version 3.2.0
Astaro Security Linux	Version 3.2.10
Astaro Security Linux	Version 3.2.11

References (16)

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-028.txt.asc (unsafe URL)

Source: cve@mitre.org

ftp://patches.sgi.com/support/free/security/advisories/20021201-01-P (unsafe URL)

Source: cve@mitre.org

http://lists.apple.com/archives/Security-announce/2002/Nov/msg00000.html

Source: cve@mitre.org

http://www.cert.org/advisories/CA-2002-31.html

Source: cve@mitre.org

PatchThird Party AdvisoryUS Government Resource

http://www.isc.org/products/BIND/bind-security.html

Source: cve@mitre.org

PatchVendor Advisory

http://www.iss.net/security_center/static/10624.php

Source: cve@mitre.org

Vendor Advisory

http://www.kb.cert.org/vuls/id/844360

Source: cve@mitre.org

US Government Resource

http://www.securityfocus.com/bid/6186

Source: cve@mitre.org

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-028.txt.asc (unsafe URL)

Source: af854a3a-2127-422b-91ae-364da2661108

ftp://patches.sgi.com/support/free/security/advisories/20021201-01-P (unsafe URL)

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.apple.com/archives/Security-announce/2002/Nov/msg00000.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.cert.org/advisories/CA-2002-31.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party AdvisoryUS Government Resource

http://www.isc.org/products/BIND/bind-security.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.iss.net/security_center/static/10624.php

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.kb.cert.org/vuls/id/844360

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

http://www.securityfocus.com/bid/6186

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.