Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2002-0651
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 02:56
Severity ?
EPSS score ?
Summary
Buffer overflow in the DNS resolver code used in libc, glibc, and libbind, as derived from ISC BIND, allows remote malicious DNS servers to cause a denial of service and possibly execute arbitrary code via the stub resolvers.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:56:38.455Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "CLSA-2002:507",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com/atualizacoes/?id=a\u0026anuncio=000507"
},
{
"name": "RHSA-2002:139",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2002-139.html"
},
{
"name": "ESA-20020724-018",
"tags": [
"vendor-advisory",
"x_refsource_ENGARDE",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/linux/engarde/2002-q3/0002.html"
},
{
"name": "oval:org.mitre.oval:def:4190",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4190"
},
{
"name": "20020626 Remote buffer overflow in resolver code of libc",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=102513011311504\u0026w=2"
},
{
"name": "RHSA-2002:119",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-119.html"
},
{
"name": "VU#803539",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/803539"
},
{
"name": "dns-resolver-lib-bo(9432)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/9432.php"
},
{
"name": "CSSA-2002-SCO.39",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA",
"x_transferred"
],
"url": "ftp://ftp.caldera.com/pub/updates/OpenServer/CSSA-2002-SCO.39"
},
{
"name": "MDKSA-2002:038",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:038"
},
{
"name": "IY32719",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/aix/2002-q3/0001.html"
},
{
"name": "RHSA-2002:167",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-167.html"
},
{
"name": "RHSA-2003:154",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-154.html"
},
{
"name": "20020701-01-I",
"tags": [
"vendor-advisory",
"x_refsource_SGI",
"x_transferred"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20020701-01-I/"
},
{
"name": "IY32746",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/aix/2002-q3/0001.html"
},
{
"name": "20020703 Buffer overflow and DoS i BIND",
"tags": [
"mailing-list",
"x_refsource_NTBUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0000.html"
},
{
"name": "20020704 [OpenPKG-SA-2002.006] OpenPKG Security Advisory (bind)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=102579743329251\u0026w=2"
},
{
"name": "MDKSA-2002:043",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-043.php"
},
{
"name": "RHSA-2002:133",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-133.html"
},
{
"name": "CSSA-2002-SCO.37",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA",
"x_transferred"
],
"url": "ftp://ftp.caldera.com/pub/updates/UnixWare/CSSA-2002-SCO.37"
},
{
"name": "FreeBSD-SA-02:28",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=102520962320134\u0026w=2"
},
{
"name": "CA-2002-19",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.cert.org/advisories/CA-2002-19.html"
},
{
"name": "5100",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5100"
},
{
"name": "NetBSD-SA2002-006",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD",
"x_transferred"
],
"url": "ftp://ftp.NetBSD.ORG/pub/NetBSD/security/advisories/NetBSD-SA2002-006.txt.asc"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.pine.nl/advisories/pine-cert-20020601.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-06-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the DNS resolver code used in libc, glibc, and libbind, as derived from ISC BIND, allows remote malicious DNS servers to cause a denial of service and possibly execute arbitrary code via the stub resolvers."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-08-18T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "CLSA-2002:507",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com/atualizacoes/?id=a\u0026anuncio=000507"
},
{
"name": "RHSA-2002:139",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2002-139.html"
},
{
"name": "ESA-20020724-018",
"tags": [
"vendor-advisory",
"x_refsource_ENGARDE"
],
"url": "http://archives.neohapsis.com/archives/linux/engarde/2002-q3/0002.html"
},
{
"name": "oval:org.mitre.oval:def:4190",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4190"
},
{
"name": "20020626 Remote buffer overflow in resolver code of libc",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=102513011311504\u0026w=2"
},
{
"name": "RHSA-2002:119",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-119.html"
},
{
"name": "VU#803539",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/803539"
},
{
"name": "dns-resolver-lib-bo(9432)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/9432.php"
},
{
"name": "CSSA-2002-SCO.39",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA"
],
"url": "ftp://ftp.caldera.com/pub/updates/OpenServer/CSSA-2002-SCO.39"
},
{
"name": "MDKSA-2002:038",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:038"
},
{
"name": "IY32719",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://archives.neohapsis.com/archives/aix/2002-q3/0001.html"
},
{
"name": "RHSA-2002:167",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-167.html"
},
{
"name": "RHSA-2003:154",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-154.html"
},
{
"name": "20020701-01-I",
"tags": [
"vendor-advisory",
"x_refsource_SGI"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20020701-01-I/"
},
{
"name": "IY32746",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://archives.neohapsis.com/archives/aix/2002-q3/0001.html"
},
{
"name": "20020703 Buffer overflow and DoS i BIND",
"tags": [
"mailing-list",
"x_refsource_NTBUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0000.html"
},
{
"name": "20020704 [OpenPKG-SA-2002.006] OpenPKG Security Advisory (bind)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=102579743329251\u0026w=2"
},
{
"name": "MDKSA-2002:043",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-043.php"
},
{
"name": "RHSA-2002:133",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-133.html"
},
{
"name": "CSSA-2002-SCO.37",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA"
],
"url": "ftp://ftp.caldera.com/pub/updates/UnixWare/CSSA-2002-SCO.37"
},
{
"name": "FreeBSD-SA-02:28",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "http://marc.info/?l=bugtraq\u0026m=102520962320134\u0026w=2"
},
{
"name": "CA-2002-19",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.cert.org/advisories/CA-2002-19.html"
},
{
"name": "5100",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5100"
},
{
"name": "NetBSD-SA2002-006",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD"
],
"url": "ftp://ftp.NetBSD.ORG/pub/NetBSD/security/advisories/NetBSD-SA2002-006.txt.asc"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.pine.nl/advisories/pine-cert-20020601.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0651",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the DNS resolver code used in libc, glibc, and libbind, as derived from ISC BIND, allows remote malicious DNS servers to cause a denial of service and possibly execute arbitrary code via the stub resolvers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "CLSA-2002:507",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com/atualizacoes/?id=a\u0026anuncio=000507"
},
{
"name": "RHSA-2002:139",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2002-139.html"
},
{
"name": "ESA-20020724-018",
"refsource": "ENGARDE",
"url": "http://archives.neohapsis.com/archives/linux/engarde/2002-q3/0002.html"
},
{
"name": "oval:org.mitre.oval:def:4190",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4190"
},
{
"name": "20020626 Remote buffer overflow in resolver code of libc",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=102513011311504\u0026w=2"
},
{
"name": "RHSA-2002:119",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2002-119.html"
},
{
"name": "VU#803539",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/803539"
},
{
"name": "dns-resolver-lib-bo(9432)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9432.php"
},
{
"name": "CSSA-2002-SCO.39",
"refsource": "CALDERA",
"url": "ftp://ftp.caldera.com/pub/updates/OpenServer/CSSA-2002-SCO.39"
},
{
"name": "MDKSA-2002:038",
"refsource": "MANDRAKE",
"url": "http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:038"
},
{
"name": "IY32719",
"refsource": "AIXAPAR",
"url": "http://archives.neohapsis.com/archives/aix/2002-q3/0001.html"
},
{
"name": "RHSA-2002:167",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2002-167.html"
},
{
"name": "RHSA-2003:154",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-154.html"
},
{
"name": "20020701-01-I",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20020701-01-I/"
},
{
"name": "IY32746",
"refsource": "AIXAPAR",
"url": "http://archives.neohapsis.com/archives/aix/2002-q3/0001.html"
},
{
"name": "20020703 Buffer overflow and DoS i BIND",
"refsource": "NTBUGTRAQ",
"url": "http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0000.html"
},
{
"name": "20020704 [OpenPKG-SA-2002.006] OpenPKG Security Advisory (bind)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=102579743329251\u0026w=2"
},
{
"name": "MDKSA-2002:043",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-043.php"
},
{
"name": "RHSA-2002:133",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2002-133.html"
},
{
"name": "CSSA-2002-SCO.37",
"refsource": "CALDERA",
"url": "ftp://ftp.caldera.com/pub/updates/UnixWare/CSSA-2002-SCO.37"
},
{
"name": "FreeBSD-SA-02:28",
"refsource": "FREEBSD",
"url": "http://marc.info/?l=bugtraq\u0026m=102520962320134\u0026w=2"
},
{
"name": "CA-2002-19",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2002-19.html"
},
{
"name": "5100",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5100"
},
{
"name": "NetBSD-SA2002-006",
"refsource": "NETBSD",
"url": "ftp://ftp.NetBSD.ORG/pub/NetBSD/security/advisories/NetBSD-SA2002-006.txt.asc"
},
{
"name": "http://www.pine.nl/advisories/pine-cert-20020601.txt",
"refsource": "MISC",
"url": "http://www.pine.nl/advisories/pine-cert-20020601.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0651",
"datePublished": "2004-09-01T04:00:00",
"dateReserved": "2002-06-28T00:00:00",
"dateUpdated": "2024-08-08T02:56:38.455Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2002-0651\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2002-07-03T04:00:00.000\",\"lastModified\":\"2024-11-20T23:39:33.353\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Buffer overflow in the DNS resolver code used in libc, glibc, and libbind, as derived from ISC BIND, allows remote malicious DNS servers to cause a denial of service and possibly execute arbitrary code via the stub resolvers.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":true,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:isc:bind:9.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D7C7524-6943-4D94-8835-0221F0F0CD63\"}]}]}],\"references\":[{\"url\":\"ftp://ftp.NetBSD.ORG/pub/NetBSD/security/advisories/NetBSD-SA2002-006.txt.asc\",\"source\":\"cve@mitre.org\"},{\"url\":\"ftp://ftp.caldera.com/pub/updates/OpenServer/CSSA-2002-SCO.39\",\"source\":\"cve@mitre.org\"},{\"url\":\"ftp://ftp.caldera.com/pub/updates/UnixWare/CSSA-2002-SCO.37\",\"source\":\"cve@mitre.org\"},{\"url\":\"ftp://patches.sgi.com/support/free/security/advisories/20020701-01-I/\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://archives.neohapsis.com/archives/aix/2002-q3/0001.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://archives.neohapsis.com/archives/aix/2002-q3/0001.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://archives.neohapsis.com/archives/linux/engarde/2002-q3/0002.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0000.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://distro.conectiva.com/atualizacoes/?id=a\u0026anuncio=000507\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:038\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=102513011311504\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=102520962320134\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=102579743329251\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2002-139.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.cert.org/advisories/CA-2002-19.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.iss.net/security_center/static/9432.php\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/803539\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-043.php\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.pine.nl/advisories/pine-cert-20020601.txt\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2002-119.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2002-133.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2002-167.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2003-154.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/5100\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4190\",\"source\":\"cve@mitre.org\"},{\"url\":\"ftp://ftp.NetBSD.ORG/pub/NetBSD/security/advisories/NetBSD-SA2002-006.txt.asc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"ftp://ftp.caldera.com/pub/updates/OpenServer/CSSA-2002-SCO.39\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"ftp://ftp.caldera.com/pub/updates/UnixWare/CSSA-2002-SCO.37\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"ftp://patches.sgi.com/support/free/security/advisories/20020701-01-I/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://archives.neohapsis.com/archives/aix/2002-q3/0001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://archives.neohapsis.com/archives/aix/2002-q3/0001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://archives.neohapsis.com/archives/linux/engarde/2002-q3/0002.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0000.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://distro.conectiva.com/atualizacoes/?id=a\u0026anuncio=000507\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:038\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=102513011311504\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=102520962320134\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=102579743329251\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2002-139.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.cert.org/advisories/CA-2002-19.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.iss.net/security_center/static/9432.php\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/803539\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-043.php\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.pine.nl/advisories/pine-cert-20020601.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2002-119.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2002-133.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2002-167.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2003-154.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/5100\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4190\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
rhsa-2002:167
Vulnerability from csaf_redhat
Published
2002-08-06 07:25
Modified
2024-11-21 22:26
Summary
Red Hat Security Advisory: glibc security update
Notes
Topic
Updated glibc packages are available which fix a buffer overflow in the XDR
decoder and two vulnerabilities in the resolver functions.
[updated 8 aug 2002]
Updated packages have been made available, as the original errata introduced
a bug which could cause calloc() to crash on 32-bit platforms when passed a
size of 0. These updated errata packages contain a patch to correct this bug.
Details
The glibc package contains standard libraries which are used by
multiple programs on the system. Sun RPC is a remote procedure call
framework which allows clients to invoke procedures in a server process
over a network. XDR is a mechanism for encoding data structures for use
with RPC. NFS, NIS, and other network services that are built upon Sun
RPC. The glibc package contains an XDR encoder/decoder derived from Sun's
RPC implementation which was recently demonstrated to be vulnerable to a
heap overflow.
An error in the calculation of memory needed for unpacking arrays in the
XDR decoder can result in a heap buffer overflow in glibc 2.2.5 and
earlier. Depending upon the application, this vulnerability may be
exploitable and could lead to arbitrary code execution. (CAN-2002-0391)
A buffer overflow vulnerability has been found in the way the glibc
resolver handles the resolution of network names and addresses via DNS (as
per Internet RFC 1011). Version 2.2.5 of glibc and earlier versions are
affected. A system would be vulnerable to this issue if the
"networks" database in the /etc/nsswitch.conf file includes the "dns"
entry. By default, Red Hat Linux Advanced Server ships with "networks"
set to "files" and is therefore not vulnerable to this issue.
(CAN-2002-0684)
A related issue is a bug in the glibc-compat packages, which
provide compatibility for applications compiled against glibc version
2.0.x. Applications compiled against this version (such as those
distributed with early Red Hat Linux releases 5.0, 5.1, and 5.2) could also
be vulnerable to this issue. (CAN-2002-0651)
All users should upgrade to these errata packages which contain patches to
the glibc libraries and therefore are not vulnerable to these issues.
Thanks to Solar Designer for providing patches for this issue.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated glibc packages are available which fix a buffer overflow in the XDR\ndecoder and two vulnerabilities in the resolver functions.\n\n[updated 8 aug 2002]\nUpdated packages have been made available, as the original errata introduced\na bug which could cause calloc() to crash on 32-bit platforms when passed a\nsize of 0. These updated errata packages contain a patch to correct this bug.",
"title": "Topic"
},
{
"category": "general",
"text": "The glibc package contains standard libraries which are used by\nmultiple programs on the system. Sun RPC is a remote procedure call\nframework which allows clients to invoke procedures in a server process\nover a network. XDR is a mechanism for encoding data structures for use\nwith RPC. NFS, NIS, and other network services that are built upon Sun\nRPC. The glibc package contains an XDR encoder/decoder derived from Sun\u0027s\nRPC implementation which was recently demonstrated to be vulnerable to a\nheap overflow.\n\nAn error in the calculation of memory needed for unpacking arrays in the\nXDR decoder can result in a heap buffer overflow in glibc 2.2.5 and\nearlier. Depending upon the application, this vulnerability may be\nexploitable and could lead to arbitrary code execution. (CAN-2002-0391)\n\nA buffer overflow vulnerability has been found in the way the glibc\nresolver handles the resolution of network names and addresses via DNS (as\nper Internet RFC 1011). Version 2.2.5 of glibc and earlier versions are\naffected. A system would be vulnerable to this issue if the\n\"networks\" database in the /etc/nsswitch.conf file includes the \"dns\"\nentry. By default, Red Hat Linux Advanced Server ships with \"networks\"\nset to \"files\" and is therefore not vulnerable to this issue.\n(CAN-2002-0684)\n\nA related issue is a bug in the glibc-compat packages, which\nprovide compatibility for applications compiled against glibc version\n2.0.x. Applications compiled against this version (such as those\ndistributed with early Red Hat Linux releases 5.0, 5.1, and 5.2) could also\nbe vulnerable to this issue. (CAN-2002-0651)\n\nAll users should upgrade to these errata packages which contain patches to\nthe glibc libraries and therefore are not vulnerable to these issues.\n\nThanks to Solar Designer for providing patches for this issue.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2002:167",
"url": "https://access.redhat.com/errata/RHSA-2002:167"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "http://online.securityfocus.com/archive/1/285308",
"url": "http://online.securityfocus.com/archive/1/285308"
},
{
"category": "external",
"summary": "http://www.cert.org/advisories/CA-2002-19.html",
"url": "http://www.cert.org/advisories/CA-2002-19.html"
},
{
"category": "external",
"summary": "http://sources.redhat.com/ml/libc-hacker/2002-08/msg00093.html",
"url": "http://sources.redhat.com/ml/libc-hacker/2002-08/msg00093.html"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2002/rhsa-2002_167.json"
}
],
"title": "Red Hat Security Advisory: glibc security update",
"tracking": {
"current_release_date": "2024-11-21T22:26:50+00:00",
"generator": {
"date": "2024-11-21T22:26:50+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2002:167",
"initial_release_date": "2002-08-06T07:25:00+00:00",
"revision_history": [
{
"date": "2002-08-06T07:25:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2002-08-01T00:00:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-21T22:26:50+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"product": {
"name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"product_id": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:2.1::as"
}
}
}
],
"category": "product_family",
"name": "Red Hat Advanced Server"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2002-0391",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616771"
}
],
"notes": [
{
"category": "description",
"text": "Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AS (Advanced Server) version 2.1 "
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-0391"
},
{
"category": "external",
"summary": "RHBZ#1616771",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616771"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-0391",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0391"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0391",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0391"
}
],
"release_date": "2002-07-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2002-08-06T07:25:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nPlease note that this update is available via Red Hat Network. To use Red\nHat Network, launch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"Red Hat Enterprise Linux AS (Advanced Server) version 2.1 "
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2002:167"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2002-0651",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616785"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflow in the DNS resolver code used in libc, glibc, and libbind, as derived from ISC BIND, allows remote malicious DNS servers to cause a denial of service and possibly execute arbitrary code via the stub resolvers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AS (Advanced Server) version 2.1 "
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-0651"
},
{
"category": "external",
"summary": "RHBZ#1616785",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616785"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-0651",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0651"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0651",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0651"
}
],
"release_date": "2002-06-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2002-08-06T07:25:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nPlease note that this update is available via Red Hat Network. To use Red\nHat Network, launch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"Red Hat Enterprise Linux AS (Advanced Server) version 2.1 "
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2002:167"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2002-0684",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616795"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflow in DNS resolver functions that perform lookup of network names and addresses, as used in BIND 4.9.8 and ported to glibc 2.2.5 and earlier, allows remote malicious DNS servers to execute arbitrary code through a subroutine used by functions such as getnetbyname and getnetbyaddr.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AS (Advanced Server) version 2.1 "
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-0684"
},
{
"category": "external",
"summary": "RHBZ#1616795",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616795"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-0684",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0684"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0684",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0684"
}
],
"release_date": "2002-06-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2002-08-06T07:25:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nPlease note that this update is available via Red Hat Network. To use Red\nHat Network, launch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"Red Hat Enterprise Linux AS (Advanced Server) version 2.1 "
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2002:167"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "security flaw"
}
]
}
rhsa-2002_167
Vulnerability from csaf_redhat
Published
2002-08-06 07:25
Modified
2024-11-21 22:26
Summary
Red Hat Security Advisory: glibc security update
Notes
Topic
Updated glibc packages are available which fix a buffer overflow in the XDR
decoder and two vulnerabilities in the resolver functions.
[updated 8 aug 2002]
Updated packages have been made available, as the original errata introduced
a bug which could cause calloc() to crash on 32-bit platforms when passed a
size of 0. These updated errata packages contain a patch to correct this bug.
Details
The glibc package contains standard libraries which are used by
multiple programs on the system. Sun RPC is a remote procedure call
framework which allows clients to invoke procedures in a server process
over a network. XDR is a mechanism for encoding data structures for use
with RPC. NFS, NIS, and other network services that are built upon Sun
RPC. The glibc package contains an XDR encoder/decoder derived from Sun's
RPC implementation which was recently demonstrated to be vulnerable to a
heap overflow.
An error in the calculation of memory needed for unpacking arrays in the
XDR decoder can result in a heap buffer overflow in glibc 2.2.5 and
earlier. Depending upon the application, this vulnerability may be
exploitable and could lead to arbitrary code execution. (CAN-2002-0391)
A buffer overflow vulnerability has been found in the way the glibc
resolver handles the resolution of network names and addresses via DNS (as
per Internet RFC 1011). Version 2.2.5 of glibc and earlier versions are
affected. A system would be vulnerable to this issue if the
"networks" database in the /etc/nsswitch.conf file includes the "dns"
entry. By default, Red Hat Linux Advanced Server ships with "networks"
set to "files" and is therefore not vulnerable to this issue.
(CAN-2002-0684)
A related issue is a bug in the glibc-compat packages, which
provide compatibility for applications compiled against glibc version
2.0.x. Applications compiled against this version (such as those
distributed with early Red Hat Linux releases 5.0, 5.1, and 5.2) could also
be vulnerable to this issue. (CAN-2002-0651)
All users should upgrade to these errata packages which contain patches to
the glibc libraries and therefore are not vulnerable to these issues.
Thanks to Solar Designer for providing patches for this issue.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated glibc packages are available which fix a buffer overflow in the XDR\ndecoder and two vulnerabilities in the resolver functions.\n\n[updated 8 aug 2002]\nUpdated packages have been made available, as the original errata introduced\na bug which could cause calloc() to crash on 32-bit platforms when passed a\nsize of 0. These updated errata packages contain a patch to correct this bug.",
"title": "Topic"
},
{
"category": "general",
"text": "The glibc package contains standard libraries which are used by\nmultiple programs on the system. Sun RPC is a remote procedure call\nframework which allows clients to invoke procedures in a server process\nover a network. XDR is a mechanism for encoding data structures for use\nwith RPC. NFS, NIS, and other network services that are built upon Sun\nRPC. The glibc package contains an XDR encoder/decoder derived from Sun\u0027s\nRPC implementation which was recently demonstrated to be vulnerable to a\nheap overflow.\n\nAn error in the calculation of memory needed for unpacking arrays in the\nXDR decoder can result in a heap buffer overflow in glibc 2.2.5 and\nearlier. Depending upon the application, this vulnerability may be\nexploitable and could lead to arbitrary code execution. (CAN-2002-0391)\n\nA buffer overflow vulnerability has been found in the way the glibc\nresolver handles the resolution of network names and addresses via DNS (as\nper Internet RFC 1011). Version 2.2.5 of glibc and earlier versions are\naffected. A system would be vulnerable to this issue if the\n\"networks\" database in the /etc/nsswitch.conf file includes the \"dns\"\nentry. By default, Red Hat Linux Advanced Server ships with \"networks\"\nset to \"files\" and is therefore not vulnerable to this issue.\n(CAN-2002-0684)\n\nA related issue is a bug in the glibc-compat packages, which\nprovide compatibility for applications compiled against glibc version\n2.0.x. Applications compiled against this version (such as those\ndistributed with early Red Hat Linux releases 5.0, 5.1, and 5.2) could also\nbe vulnerable to this issue. (CAN-2002-0651)\n\nAll users should upgrade to these errata packages which contain patches to\nthe glibc libraries and therefore are not vulnerable to these issues.\n\nThanks to Solar Designer for providing patches for this issue.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2002:167",
"url": "https://access.redhat.com/errata/RHSA-2002:167"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "http://online.securityfocus.com/archive/1/285308",
"url": "http://online.securityfocus.com/archive/1/285308"
},
{
"category": "external",
"summary": "http://www.cert.org/advisories/CA-2002-19.html",
"url": "http://www.cert.org/advisories/CA-2002-19.html"
},
{
"category": "external",
"summary": "http://sources.redhat.com/ml/libc-hacker/2002-08/msg00093.html",
"url": "http://sources.redhat.com/ml/libc-hacker/2002-08/msg00093.html"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2002/rhsa-2002_167.json"
}
],
"title": "Red Hat Security Advisory: glibc security update",
"tracking": {
"current_release_date": "2024-11-21T22:26:50+00:00",
"generator": {
"date": "2024-11-21T22:26:50+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2002:167",
"initial_release_date": "2002-08-06T07:25:00+00:00",
"revision_history": [
{
"date": "2002-08-06T07:25:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2002-08-01T00:00:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-21T22:26:50+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"product": {
"name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"product_id": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:2.1::as"
}
}
}
],
"category": "product_family",
"name": "Red Hat Advanced Server"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2002-0391",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616771"
}
],
"notes": [
{
"category": "description",
"text": "Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AS (Advanced Server) version 2.1 "
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-0391"
},
{
"category": "external",
"summary": "RHBZ#1616771",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616771"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-0391",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0391"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0391",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0391"
}
],
"release_date": "2002-07-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2002-08-06T07:25:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nPlease note that this update is available via Red Hat Network. To use Red\nHat Network, launch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"Red Hat Enterprise Linux AS (Advanced Server) version 2.1 "
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2002:167"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2002-0651",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616785"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflow in the DNS resolver code used in libc, glibc, and libbind, as derived from ISC BIND, allows remote malicious DNS servers to cause a denial of service and possibly execute arbitrary code via the stub resolvers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AS (Advanced Server) version 2.1 "
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-0651"
},
{
"category": "external",
"summary": "RHBZ#1616785",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616785"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-0651",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0651"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0651",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0651"
}
],
"release_date": "2002-06-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2002-08-06T07:25:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nPlease note that this update is available via Red Hat Network. To use Red\nHat Network, launch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"Red Hat Enterprise Linux AS (Advanced Server) version 2.1 "
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2002:167"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2002-0684",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616795"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflow in DNS resolver functions that perform lookup of network names and addresses, as used in BIND 4.9.8 and ported to glibc 2.2.5 and earlier, allows remote malicious DNS servers to execute arbitrary code through a subroutine used by functions such as getnetbyname and getnetbyaddr.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AS (Advanced Server) version 2.1 "
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-0684"
},
{
"category": "external",
"summary": "RHBZ#1616795",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616795"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-0684",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0684"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0684",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0684"
}
],
"release_date": "2002-06-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2002-08-06T07:25:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nPlease note that this update is available via Red Hat Network. To use Red\nHat Network, launch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"Red Hat Enterprise Linux AS (Advanced Server) version 2.1 "
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2002:167"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "security flaw"
}
]
}
rhsa-2002_139
Vulnerability from csaf_redhat
Published
2002-07-25 02:15
Modified
2024-11-21 22:26
Summary
Red Hat Security Advisory: : Updated glibc packages fix vulnerabilities in resolver
Notes
Topic
Updated glibc packages are available to fix two vulnerabilities in the
resolver functions.
Details
The glibc package contains standard libraries which are used by
multiple programs on the system.
A buffer overflow vulnerability has been found in the way the glibc
resolver handles the resolution of network names and addresses via DNS (as
per Internet RFC 1011). Version 2.2.5 of glibc and earlier versions are
affected. A system would be vulnerable to this issue if the
"networks" database in /etc/nsswitch.conf includes the "dns" entry. By
default, Red Hat Linux ships with "networks" set to "files" and
is therefore not vulnerable to this issue. (CAN-2002-0684)
A second, related, issue is a bug in the glibc-compat packages, which
provide compatibility for applications compiled against glibc version
2.0.x. Applications compiled against this version (such as those
distributed with early Red Hat Linux releases 5.0, 5.1, and 5.2) could also
be vulnerable to this issue. (CAN-2002-0651)
These errata packages for Red Hat Linux 7.1 and 7.2 on the Itanium
architecture also include a fix for the strncpy implementation in some
boundary cases.
All users should upgrade to these errata packages which contain patches to
the glibc and glibc-compat libraries and therefore are not vulnerable to
these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated glibc packages are available to fix two vulnerabilities in the\nresolver functions.",
"title": "Topic"
},
{
"category": "general",
"text": "The glibc package contains standard libraries which are used by\nmultiple programs on the system.\n\nA buffer overflow vulnerability has been found in the way the glibc\nresolver handles the resolution of network names and addresses via DNS (as\nper Internet RFC 1011). Version 2.2.5 of glibc and earlier versions are\naffected. A system would be vulnerable to this issue if the\n\"networks\" database in /etc/nsswitch.conf includes the \"dns\" entry. By\ndefault, Red Hat Linux ships with \"networks\" set to \"files\" and\nis therefore not vulnerable to this issue. (CAN-2002-0684)\n\nA second, related, issue is a bug in the glibc-compat packages, which\nprovide compatibility for applications compiled against glibc version\n2.0.x. Applications compiled against this version (such as those\ndistributed with early Red Hat Linux releases 5.0, 5.1, and 5.2) could also\nbe vulnerable to this issue. (CAN-2002-0651)\n\nThese errata packages for Red Hat Linux 7.1 and 7.2 on the Itanium\narchitecture also include a fix for the strncpy implementation in some\nboundary cases.\n\nAll users should upgrade to these errata packages which contain patches to\nthe glibc and glibc-compat libraries and therefore are not vulnerable to\nthese issues.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2002:139",
"url": "https://access.redhat.com/errata/RHSA-2002:139"
},
{
"category": "external",
"summary": "http://www.cert.org/advisories/CA-2002-19.html",
"url": "http://www.cert.org/advisories/CA-2002-19.html"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2002/rhsa-2002_139.json"
}
],
"title": "Red Hat Security Advisory: : Updated glibc packages fix vulnerabilities in resolver",
"tracking": {
"current_release_date": "2024-11-21T22:26:48+00:00",
"generator": {
"date": "2024-11-21T22:26:48+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2002:139",
"initial_release_date": "2002-07-25T02:15:00+00:00",
"revision_history": [
{
"date": "2002-07-25T02:15:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2002-07-11T00:00:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-21T22:26:48+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Linux 6.2",
"product": {
"name": "Red Hat Linux 6.2",
"product_id": "Red Hat Linux 6.2",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:linux:6.2"
}
}
},
{
"category": "product_name",
"name": "Red Hat Linux 7.0",
"product": {
"name": "Red Hat Linux 7.0",
"product_id": "Red Hat Linux 7.0",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:linux:7.0"
}
}
},
{
"category": "product_name",
"name": "Red Hat Linux 7.1",
"product": {
"name": "Red Hat Linux 7.1",
"product_id": "Red Hat Linux 7.1",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:linux:7.1"
}
}
},
{
"category": "product_name",
"name": "Red Hat Linux 7.2",
"product": {
"name": "Red Hat Linux 7.2",
"product_id": "Red Hat Linux 7.2",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:linux:7.2"
}
}
},
{
"category": "product_name",
"name": "Red Hat Linux 7.3",
"product": {
"name": "Red Hat Linux 7.3",
"product_id": "Red Hat Linux 7.3",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:linux:7.3"
}
}
}
],
"category": "product_family",
"name": "Red Hat Linux"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2002-0651",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616785"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflow in the DNS resolver code used in libc, glibc, and libbind, as derived from ISC BIND, allows remote malicious DNS servers to cause a denial of service and possibly execute arbitrary code via the stub resolvers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Linux 6.2",
"Red Hat Linux 7.0",
"Red Hat Linux 7.1",
"Red Hat Linux 7.2",
"Red Hat Linux 7.3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-0651"
},
{
"category": "external",
"summary": "RHBZ#1616785",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616785"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-0651",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0651"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0651",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0651"
}
],
"release_date": "2002-06-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2002-07-25T02:15:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those\nRPMs which are currently installed will be updated. Those RPMs which are\nnot installed but included in the list will not be updated. Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network. Many\npeople find this an easier way to apply updates. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"Red Hat Linux 6.2",
"Red Hat Linux 7.0",
"Red Hat Linux 7.1",
"Red Hat Linux 7.2",
"Red Hat Linux 7.3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2002:139"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2002-0684",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616795"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflow in DNS resolver functions that perform lookup of network names and addresses, as used in BIND 4.9.8 and ported to glibc 2.2.5 and earlier, allows remote malicious DNS servers to execute arbitrary code through a subroutine used by functions such as getnetbyname and getnetbyaddr.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Linux 6.2",
"Red Hat Linux 7.0",
"Red Hat Linux 7.1",
"Red Hat Linux 7.2",
"Red Hat Linux 7.3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-0684"
},
{
"category": "external",
"summary": "RHBZ#1616795",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616795"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-0684",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0684"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0684",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0684"
}
],
"release_date": "2002-06-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2002-07-25T02:15:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those\nRPMs which are currently installed will be updated. Those RPMs which are\nnot installed but included in the list will not be updated. Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network. Many\npeople find this an easier way to apply updates. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"Red Hat Linux 6.2",
"Red Hat Linux 7.0",
"Red Hat Linux 7.1",
"Red Hat Linux 7.2",
"Red Hat Linux 7.3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2002:139"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "security flaw"
}
]
}
rhsa-2003_154
Vulnerability from csaf_redhat
Published
2003-06-18 22:19
Modified
2024-11-21 22:27
Summary
Red Hat Security Advisory: : : : Updated bind packages fix buffer overflow in resolver library
Notes
Topic
Updated BIND packages that fix a number of vulnerabilities are now
available for Red Hat Linux on IBM iSeries and pSeries systems.
Details
ISC BIND (Berkeley Internet Name Domain) is an implementation of the DNS
(Domain Name System) protocols. BIND includes a DNS server (named),
which resolves host names to IP addresses; a resolver library
(routines for applications to use when interfacing with DNS); and
various tools.
A buffer overflow vulnerability exists in multiple implementations of the
DNS resolver libraries. Applications that utilize vulnerable DNS resolver
libraries may be affected. A remote attacker who is able to send malicious
DNS responses could potentially exploit this vulnerability to execute
arbitrary code or cause a denial of service on a vulnerable system.
Red Hat Linux does not ship with any applications or libraries that link
against the BIND resolver libraries; however, third party code may be affected.
Versions of BIND 9 prior to 9.2.1 have a bug that causes certain requests
to the BIND name server (named) to fail an internal consistency check,
causing the name server to stop responding to requests. This can be used
by a remote attacker to cause a denial of service (DOS) attack against name
servers.
The updated bind packages included in this errata contain Bind 9.2.1 with
the addition of backported patches and is not vulnerable to these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated BIND packages that fix a number of vulnerabilities are now\navailable for Red Hat Linux on IBM iSeries and pSeries systems.",
"title": "Topic"
},
{
"category": "general",
"text": "ISC BIND (Berkeley Internet Name Domain) is an implementation of the DNS\n(Domain Name System) protocols. BIND includes a DNS server (named),\nwhich resolves host names to IP addresses; a resolver library\n(routines for applications to use when interfacing with DNS); and\nvarious tools.\n \nA buffer overflow vulnerability exists in multiple implementations of the\nDNS resolver libraries. Applications that utilize vulnerable DNS resolver\nlibraries may be affected. A remote attacker who is able to send malicious\nDNS responses could potentially exploit this vulnerability to execute\narbitrary code or cause a denial of service on a vulnerable system. \n\nRed Hat Linux does not ship with any applications or libraries that link \nagainst the BIND resolver libraries; however, third party code may be affected.\n\nVersions of BIND 9 prior to 9.2.1 have a bug that causes certain requests\nto the BIND name server (named) to fail an internal consistency check,\ncausing the name server to stop responding to requests. This can be used\nby a remote attacker to cause a denial of service (DOS) attack against name\nservers.\n\nThe updated bind packages included in this errata contain Bind 9.2.1 with\nthe addition of backported patches and is not vulnerable to these issues.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2003:154",
"url": "https://access.redhat.com/errata/RHSA-2003:154"
},
{
"category": "external",
"summary": "http://online.securityfocus.com/bid/5100",
"url": "http://online.securityfocus.com/bid/5100"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2003/rhsa-2003_154.json"
}
],
"title": "Red Hat Security Advisory: : : : Updated bind packages fix buffer overflow in resolver library",
"tracking": {
"current_release_date": "2024-11-21T22:27:00+00:00",
"generator": {
"date": "2024-11-21T22:27:00+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2003:154",
"initial_release_date": "2003-06-18T22:19:00+00:00",
"revision_history": [
{
"date": "2003-06-18T22:19:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2003-06-18T00:00:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-21T22:27:00+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Linux 7.1",
"product": {
"name": "Red Hat Linux 7.1",
"product_id": "Red Hat Linux 7.1",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:linux:7.1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Linux"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2002-0400",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616774"
}
],
"notes": [
{
"category": "description",
"text": "ISC BIND 9 before 9.2.1 allows remote attackers to cause a denial of service (shutdown) via a malformed DNS packet that triggers an error condition that is not properly handled when the rdataset parameter to the dns_message_findtype() function in message.c is not NULL, aka DoS_findtype.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Linux 7.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-0400"
},
{
"category": "external",
"summary": "RHBZ#1616774",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616774"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-0400",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0400"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0400",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0400"
}
],
"release_date": "2002-06-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2003-06-18T22:19:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those\nRPMs which are currently installed will be updated. Those RPMs which are\nnot installed but included in the list will not be updated. Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network. Many\npeople find this an easier way to apply updates. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"Red Hat Linux 7.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2003:154"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2002-0651",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616785"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflow in the DNS resolver code used in libc, glibc, and libbind, as derived from ISC BIND, allows remote malicious DNS servers to cause a denial of service and possibly execute arbitrary code via the stub resolvers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Linux 7.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-0651"
},
{
"category": "external",
"summary": "RHBZ#1616785",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616785"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-0651",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0651"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0651",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0651"
}
],
"release_date": "2002-06-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2003-06-18T22:19:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those\nRPMs which are currently installed will be updated. Those RPMs which are\nnot installed but included in the list will not be updated. Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network. Many\npeople find this an easier way to apply updates. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"Red Hat Linux 7.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2003:154"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "security flaw"
}
]
}
RHSA-2003:154
Vulnerability from csaf_redhat
Published
2003-06-18 22:19
Modified
2024-11-21 22:27
Summary
Red Hat Security Advisory: : : : Updated bind packages fix buffer overflow in resolver library
Notes
Topic
Updated BIND packages that fix a number of vulnerabilities are now
available for Red Hat Linux on IBM iSeries and pSeries systems.
Details
ISC BIND (Berkeley Internet Name Domain) is an implementation of the DNS
(Domain Name System) protocols. BIND includes a DNS server (named),
which resolves host names to IP addresses; a resolver library
(routines for applications to use when interfacing with DNS); and
various tools.
A buffer overflow vulnerability exists in multiple implementations of the
DNS resolver libraries. Applications that utilize vulnerable DNS resolver
libraries may be affected. A remote attacker who is able to send malicious
DNS responses could potentially exploit this vulnerability to execute
arbitrary code or cause a denial of service on a vulnerable system.
Red Hat Linux does not ship with any applications or libraries that link
against the BIND resolver libraries; however, third party code may be affected.
Versions of BIND 9 prior to 9.2.1 have a bug that causes certain requests
to the BIND name server (named) to fail an internal consistency check,
causing the name server to stop responding to requests. This can be used
by a remote attacker to cause a denial of service (DOS) attack against name
servers.
The updated bind packages included in this errata contain Bind 9.2.1 with
the addition of backported patches and is not vulnerable to these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated BIND packages that fix a number of vulnerabilities are now\navailable for Red Hat Linux on IBM iSeries and pSeries systems.",
"title": "Topic"
},
{
"category": "general",
"text": "ISC BIND (Berkeley Internet Name Domain) is an implementation of the DNS\n(Domain Name System) protocols. BIND includes a DNS server (named),\nwhich resolves host names to IP addresses; a resolver library\n(routines for applications to use when interfacing with DNS); and\nvarious tools.\n \nA buffer overflow vulnerability exists in multiple implementations of the\nDNS resolver libraries. Applications that utilize vulnerable DNS resolver\nlibraries may be affected. A remote attacker who is able to send malicious\nDNS responses could potentially exploit this vulnerability to execute\narbitrary code or cause a denial of service on a vulnerable system. \n\nRed Hat Linux does not ship with any applications or libraries that link \nagainst the BIND resolver libraries; however, third party code may be affected.\n\nVersions of BIND 9 prior to 9.2.1 have a bug that causes certain requests\nto the BIND name server (named) to fail an internal consistency check,\ncausing the name server to stop responding to requests. This can be used\nby a remote attacker to cause a denial of service (DOS) attack against name\nservers.\n\nThe updated bind packages included in this errata contain Bind 9.2.1 with\nthe addition of backported patches and is not vulnerable to these issues.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2003:154",
"url": "https://access.redhat.com/errata/RHSA-2003:154"
},
{
"category": "external",
"summary": "http://online.securityfocus.com/bid/5100",
"url": "http://online.securityfocus.com/bid/5100"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2003/rhsa-2003_154.json"
}
],
"title": "Red Hat Security Advisory: : : : Updated bind packages fix buffer overflow in resolver library",
"tracking": {
"current_release_date": "2024-11-21T22:27:00+00:00",
"generator": {
"date": "2024-11-21T22:27:00+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2003:154",
"initial_release_date": "2003-06-18T22:19:00+00:00",
"revision_history": [
{
"date": "2003-06-18T22:19:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2003-06-18T00:00:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-21T22:27:00+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Linux 7.1",
"product": {
"name": "Red Hat Linux 7.1",
"product_id": "Red Hat Linux 7.1",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:linux:7.1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Linux"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2002-0400",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616774"
}
],
"notes": [
{
"category": "description",
"text": "ISC BIND 9 before 9.2.1 allows remote attackers to cause a denial of service (shutdown) via a malformed DNS packet that triggers an error condition that is not properly handled when the rdataset parameter to the dns_message_findtype() function in message.c is not NULL, aka DoS_findtype.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Linux 7.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-0400"
},
{
"category": "external",
"summary": "RHBZ#1616774",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616774"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-0400",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0400"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0400",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0400"
}
],
"release_date": "2002-06-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2003-06-18T22:19:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those\nRPMs which are currently installed will be updated. Those RPMs which are\nnot installed but included in the list will not be updated. Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network. Many\npeople find this an easier way to apply updates. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"Red Hat Linux 7.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2003:154"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2002-0651",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616785"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflow in the DNS resolver code used in libc, glibc, and libbind, as derived from ISC BIND, allows remote malicious DNS servers to cause a denial of service and possibly execute arbitrary code via the stub resolvers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Linux 7.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-0651"
},
{
"category": "external",
"summary": "RHBZ#1616785",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616785"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-0651",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0651"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0651",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0651"
}
],
"release_date": "2002-06-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2003-06-18T22:19:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those\nRPMs which are currently installed will be updated. Those RPMs which are\nnot installed but included in the list will not be updated. Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network. Many\npeople find this an easier way to apply updates. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"Red Hat Linux 7.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2003:154"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "security flaw"
}
]
}
rhsa-2002:139
Vulnerability from csaf_redhat
Published
2002-07-25 02:15
Modified
2024-11-21 22:26
Summary
Red Hat Security Advisory: : Updated glibc packages fix vulnerabilities in resolver
Notes
Topic
Updated glibc packages are available to fix two vulnerabilities in the
resolver functions.
Details
The glibc package contains standard libraries which are used by
multiple programs on the system.
A buffer overflow vulnerability has been found in the way the glibc
resolver handles the resolution of network names and addresses via DNS (as
per Internet RFC 1011). Version 2.2.5 of glibc and earlier versions are
affected. A system would be vulnerable to this issue if the
"networks" database in /etc/nsswitch.conf includes the "dns" entry. By
default, Red Hat Linux ships with "networks" set to "files" and
is therefore not vulnerable to this issue. (CAN-2002-0684)
A second, related, issue is a bug in the glibc-compat packages, which
provide compatibility for applications compiled against glibc version
2.0.x. Applications compiled against this version (such as those
distributed with early Red Hat Linux releases 5.0, 5.1, and 5.2) could also
be vulnerable to this issue. (CAN-2002-0651)
These errata packages for Red Hat Linux 7.1 and 7.2 on the Itanium
architecture also include a fix for the strncpy implementation in some
boundary cases.
All users should upgrade to these errata packages which contain patches to
the glibc and glibc-compat libraries and therefore are not vulnerable to
these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated glibc packages are available to fix two vulnerabilities in the\nresolver functions.",
"title": "Topic"
},
{
"category": "general",
"text": "The glibc package contains standard libraries which are used by\nmultiple programs on the system.\n\nA buffer overflow vulnerability has been found in the way the glibc\nresolver handles the resolution of network names and addresses via DNS (as\nper Internet RFC 1011). Version 2.2.5 of glibc and earlier versions are\naffected. A system would be vulnerable to this issue if the\n\"networks\" database in /etc/nsswitch.conf includes the \"dns\" entry. By\ndefault, Red Hat Linux ships with \"networks\" set to \"files\" and\nis therefore not vulnerable to this issue. (CAN-2002-0684)\n\nA second, related, issue is a bug in the glibc-compat packages, which\nprovide compatibility for applications compiled against glibc version\n2.0.x. Applications compiled against this version (such as those\ndistributed with early Red Hat Linux releases 5.0, 5.1, and 5.2) could also\nbe vulnerable to this issue. (CAN-2002-0651)\n\nThese errata packages for Red Hat Linux 7.1 and 7.2 on the Itanium\narchitecture also include a fix for the strncpy implementation in some\nboundary cases.\n\nAll users should upgrade to these errata packages which contain patches to\nthe glibc and glibc-compat libraries and therefore are not vulnerable to\nthese issues.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2002:139",
"url": "https://access.redhat.com/errata/RHSA-2002:139"
},
{
"category": "external",
"summary": "http://www.cert.org/advisories/CA-2002-19.html",
"url": "http://www.cert.org/advisories/CA-2002-19.html"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2002/rhsa-2002_139.json"
}
],
"title": "Red Hat Security Advisory: : Updated glibc packages fix vulnerabilities in resolver",
"tracking": {
"current_release_date": "2024-11-21T22:26:48+00:00",
"generator": {
"date": "2024-11-21T22:26:48+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2002:139",
"initial_release_date": "2002-07-25T02:15:00+00:00",
"revision_history": [
{
"date": "2002-07-25T02:15:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2002-07-11T00:00:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-21T22:26:48+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Linux 6.2",
"product": {
"name": "Red Hat Linux 6.2",
"product_id": "Red Hat Linux 6.2",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:linux:6.2"
}
}
},
{
"category": "product_name",
"name": "Red Hat Linux 7.0",
"product": {
"name": "Red Hat Linux 7.0",
"product_id": "Red Hat Linux 7.0",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:linux:7.0"
}
}
},
{
"category": "product_name",
"name": "Red Hat Linux 7.1",
"product": {
"name": "Red Hat Linux 7.1",
"product_id": "Red Hat Linux 7.1",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:linux:7.1"
}
}
},
{
"category": "product_name",
"name": "Red Hat Linux 7.2",
"product": {
"name": "Red Hat Linux 7.2",
"product_id": "Red Hat Linux 7.2",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:linux:7.2"
}
}
},
{
"category": "product_name",
"name": "Red Hat Linux 7.3",
"product": {
"name": "Red Hat Linux 7.3",
"product_id": "Red Hat Linux 7.3",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:linux:7.3"
}
}
}
],
"category": "product_family",
"name": "Red Hat Linux"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2002-0651",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616785"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflow in the DNS resolver code used in libc, glibc, and libbind, as derived from ISC BIND, allows remote malicious DNS servers to cause a denial of service and possibly execute arbitrary code via the stub resolvers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Linux 6.2",
"Red Hat Linux 7.0",
"Red Hat Linux 7.1",
"Red Hat Linux 7.2",
"Red Hat Linux 7.3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-0651"
},
{
"category": "external",
"summary": "RHBZ#1616785",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616785"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-0651",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0651"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0651",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0651"
}
],
"release_date": "2002-06-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2002-07-25T02:15:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those\nRPMs which are currently installed will be updated. Those RPMs which are\nnot installed but included in the list will not be updated. Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network. Many\npeople find this an easier way to apply updates. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"Red Hat Linux 6.2",
"Red Hat Linux 7.0",
"Red Hat Linux 7.1",
"Red Hat Linux 7.2",
"Red Hat Linux 7.3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2002:139"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2002-0684",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616795"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflow in DNS resolver functions that perform lookup of network names and addresses, as used in BIND 4.9.8 and ported to glibc 2.2.5 and earlier, allows remote malicious DNS servers to execute arbitrary code through a subroutine used by functions such as getnetbyname and getnetbyaddr.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Linux 6.2",
"Red Hat Linux 7.0",
"Red Hat Linux 7.1",
"Red Hat Linux 7.2",
"Red Hat Linux 7.3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-0684"
},
{
"category": "external",
"summary": "RHBZ#1616795",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616795"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-0684",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0684"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0684",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0684"
}
],
"release_date": "2002-06-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2002-07-25T02:15:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those\nRPMs which are currently installed will be updated. Those RPMs which are\nnot installed but included in the list will not be updated. Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network. Many\npeople find this an easier way to apply updates. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"Red Hat Linux 6.2",
"Red Hat Linux 7.0",
"Red Hat Linux 7.1",
"Red Hat Linux 7.2",
"Red Hat Linux 7.3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2002:139"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "security flaw"
}
]
}
rhsa-2002_133
Vulnerability from csaf_redhat
Published
2002-08-09 16:23
Modified
2024-11-21 22:26
Summary
Red Hat Security Advisory: : Updated bind packages fix buffer overflow in resolver library
Notes
Topic
Various versions of the ISC BIND resolver libraries are vulnerable to a
buffer overflow attack. Updated BIND packages are now available to fix
this issue.
Details
ISC BIND (Berkeley Internet Name Domain) is an implementation of the DNS
(Domain Name System) protocols. BIND includes a DNS server (named),
which resolves host names to IP addresses; a resolver library
(routines for applications to use when interfacing with DNS); and
various tools.
A buffer overflow vulnerability exists in multiple implementations of DNS
resolver libraries. Applications that utilize vulnerable DNS resolver
libraries may be affected. A remote attacker who is able to send malicious
DNS responses could potentially exploit this vulnerability to execute
arbitrary code or cause a denial of service on a vulnerable system.
Red Hat Linux does not ship with any applications or libraries that link
against the BIND resolver libraries; however, third party code may be affected.
The updated bind packages included in this errata contain the patches from
8.3.3 which fix the buffer overflow applied (backported) to the 9.2.1 sources.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Various versions of the ISC BIND resolver libraries are vulnerable to a\nbuffer overflow attack. Updated BIND packages are now available to fix\nthis issue.",
"title": "Topic"
},
{
"category": "general",
"text": "ISC BIND (Berkeley Internet Name Domain) is an implementation of the DNS\n(Domain Name System) protocols. BIND includes a DNS server (named),\nwhich resolves host names to IP addresses; a resolver library\n(routines for applications to use when interfacing with DNS); and\nvarious tools.\n \nA buffer overflow vulnerability exists in multiple implementations of DNS\nresolver libraries. Applications that utilize vulnerable DNS resolver\nlibraries may be affected. A remote attacker who is able to send malicious\nDNS responses could potentially exploit this vulnerability to execute\narbitrary code or cause a denial of service on a vulnerable system. \n\nRed Hat Linux does not ship with any applications or libraries that link \nagainst the BIND resolver libraries; however, third party code may be affected.\n\nThe updated bind packages included in this errata contain the patches from\n8.3.3 which fix the buffer overflow applied (backported) to the 9.2.1 sources.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2002:133",
"url": "https://access.redhat.com/errata/RHSA-2002:133"
},
{
"category": "external",
"summary": "http://online.securityfocus.com/bid/5100",
"url": "http://online.securityfocus.com/bid/5100"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2002/rhsa-2002_133.json"
}
],
"title": "Red Hat Security Advisory: : Updated bind packages fix buffer overflow in resolver library",
"tracking": {
"current_release_date": "2024-11-21T22:26:45+00:00",
"generator": {
"date": "2024-11-21T22:26:45+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2002:133",
"initial_release_date": "2002-08-09T16:23:00+00:00",
"revision_history": [
{
"date": "2002-08-09T16:23:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2002-07-01T00:00:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-21T22:26:45+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Linux 6.2",
"product": {
"name": "Red Hat Linux 6.2",
"product_id": "Red Hat Linux 6.2",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:linux:6.2"
}
}
},
{
"category": "product_name",
"name": "Red Hat Linux 7.0",
"product": {
"name": "Red Hat Linux 7.0",
"product_id": "Red Hat Linux 7.0",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:linux:7.0"
}
}
},
{
"category": "product_name",
"name": "Red Hat Linux 7.1",
"product": {
"name": "Red Hat Linux 7.1",
"product_id": "Red Hat Linux 7.1",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:linux:7.1"
}
}
},
{
"category": "product_name",
"name": "Red Hat Linux 7.2",
"product": {
"name": "Red Hat Linux 7.2",
"product_id": "Red Hat Linux 7.2",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:linux:7.2"
}
}
},
{
"category": "product_name",
"name": "Red Hat Linux 7.3",
"product": {
"name": "Red Hat Linux 7.3",
"product_id": "Red Hat Linux 7.3",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:linux:7.3"
}
}
}
],
"category": "product_family",
"name": "Red Hat Linux"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2002-0651",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616785"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflow in the DNS resolver code used in libc, glibc, and libbind, as derived from ISC BIND, allows remote malicious DNS servers to cause a denial of service and possibly execute arbitrary code via the stub resolvers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Linux 6.2",
"Red Hat Linux 7.0",
"Red Hat Linux 7.1",
"Red Hat Linux 7.2",
"Red Hat Linux 7.3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-0651"
},
{
"category": "external",
"summary": "RHBZ#1616785",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616785"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-0651",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0651"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0651",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0651"
}
],
"release_date": "2002-06-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2002-08-09T16:23:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those\nRPMs which are currently installed will be updated. Those RPMs which are\nnot installed but included in the list will not be updated. Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network. Many\npeople find this an easier way to apply updates. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"Red Hat Linux 6.2",
"Red Hat Linux 7.0",
"Red Hat Linux 7.1",
"Red Hat Linux 7.2",
"Red Hat Linux 7.3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2002:133"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "security flaw"
}
]
}
rhsa-2002:119
Vulnerability from csaf_redhat
Published
2002-07-30 08:07
Modified
2024-11-21 22:26
Summary
Red Hat Security Advisory: bind security update
Notes
Topic
Version 9 of ISC BIND, prior to version 9.2.1, contained a denial of
service (DoS) attack vulnerability. Various versions of the ISC BIND
resolver libraries are vulnerable to a buffer overflow attack.
Details
ISC BIND (Berkeley Internet Name Domain) is an implementation of the DNS
(Domain Name System) protocols. BIND includes a DNS server (named) --
which resolves hostnames to IP addresses, a resolver library
(routines for applications to use when interfacing with DNS), and
various tools.
Versions of BIND 9 prior to 9.2.1 have a bug that causes certain requests
to the BIND name server to fail an internal consistency check, causing the
name server to stop responding to requests. This can be used by a remote
attacker to cause a denial of service (DoS) attack against name servers.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2002-0400 to this issue.
A buffer overflow vulnerability exists in multiple implementations of DNS
resolver libraries. Applications that utilize vulnerable DNS resolver
libraries may be affected. A remote attacker who is able to send malicious
DNS responses could potentially exploit this vulnerability to execute
arbitrary code or cause a denial of service (DoS) attack on a vulnerable
system. Red Hat Linux does not ship with any applications or libraries that
link against the BIND resolver libraries; however, third party code may be
affected. (CAN-2002-0651)
Red Hat Linux Advanced Server shipped with a version of ISC BIND vulnerable
to both of these issues. All users of BIND are advised to upgrade to the
errata packages containing BIND 9.2.1 which contains backported patches
that correct these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Version 9 of ISC BIND, prior to version 9.2.1, contained a denial of\nservice (DoS) attack vulnerability. Various versions of the ISC BIND\nresolver libraries are vulnerable to a buffer overflow attack.",
"title": "Topic"
},
{
"category": "general",
"text": "ISC BIND (Berkeley Internet Name Domain) is an implementation of the DNS \n(Domain Name System) protocols. BIND includes a DNS server (named) --\nwhich resolves hostnames to IP addresses, a resolver library\n(routines for applications to use when interfacing with DNS), and\nvarious tools.\n\nVersions of BIND 9 prior to 9.2.1 have a bug that causes certain requests\nto the BIND name server to fail an internal consistency check, causing the\nname server to stop responding to requests. This can be used by a remote\nattacker to cause a denial of service (DoS) attack against name servers. \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CAN-2002-0400 to this issue.\n\nA buffer overflow vulnerability exists in multiple implementations of DNS\nresolver libraries. Applications that utilize vulnerable DNS resolver\nlibraries may be affected. A remote attacker who is able to send malicious\nDNS responses could potentially exploit this vulnerability to execute\narbitrary code or cause a denial of service (DoS) attack on a vulnerable\nsystem. Red Hat Linux does not ship with any applications or libraries that\nlink against the BIND resolver libraries; however, third party code may be\naffected. (CAN-2002-0651)\n\nRed Hat Linux Advanced Server shipped with a version of ISC BIND vulnerable\nto both of these issues. All users of BIND are advised to upgrade to the\nerrata packages containing BIND 9.2.1 which contains backported patches\nthat correct these issues.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2002:119",
"url": "https://access.redhat.com/errata/RHSA-2002:119"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "http://www.kb.cert.org/vuls/id/803539",
"url": "http://www.kb.cert.org/vuls/id/803539"
},
{
"category": "external",
"summary": "http://online.securityfocus.com/bid/5100",
"url": "http://online.securityfocus.com/bid/5100"
},
{
"category": "external",
"summary": "http://www.cert.org/advisories/CA-2002-19.html",
"url": "http://www.cert.org/advisories/CA-2002-19.html"
},
{
"category": "external",
"summary": "http://www.cert.org/advisories/CA-2002-15.html",
"url": "http://www.cert.org/advisories/CA-2002-15.html"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2002/rhsa-2002_119.json"
}
],
"title": "Red Hat Security Advisory: bind security update",
"tracking": {
"current_release_date": "2024-11-21T22:26:42+00:00",
"generator": {
"date": "2024-11-21T22:26:42+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2002:119",
"initial_release_date": "2002-07-30T08:07:00+00:00",
"revision_history": [
{
"date": "2002-07-30T08:07:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2002-06-20T00:00:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-21T22:26:42+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"product": {
"name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"product_id": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:2.1::as"
}
}
}
],
"category": "product_family",
"name": "Red Hat Advanced Server"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2002-0400",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616774"
}
],
"notes": [
{
"category": "description",
"text": "ISC BIND 9 before 9.2.1 allows remote attackers to cause a denial of service (shutdown) via a malformed DNS packet that triggers an error condition that is not properly handled when the rdataset parameter to the dns_message_findtype() function in message.c is not NULL, aka DoS_findtype.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AS (Advanced Server) version 2.1 "
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-0400"
},
{
"category": "external",
"summary": "RHBZ#1616774",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616774"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-0400",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0400"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0400",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0400"
}
],
"release_date": "2002-06-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2002-07-30T08:07:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nPlease note that this update is available via Red Hat Network. To use Red\nHat Network, launch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"Red Hat Enterprise Linux AS (Advanced Server) version 2.1 "
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2002:119"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2002-0651",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616785"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflow in the DNS resolver code used in libc, glibc, and libbind, as derived from ISC BIND, allows remote malicious DNS servers to cause a denial of service and possibly execute arbitrary code via the stub resolvers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AS (Advanced Server) version 2.1 "
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-0651"
},
{
"category": "external",
"summary": "RHBZ#1616785",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616785"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-0651",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0651"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0651",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0651"
}
],
"release_date": "2002-06-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2002-07-30T08:07:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nPlease note that this update is available via Red Hat Network. To use Red\nHat Network, launch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"Red Hat Enterprise Linux AS (Advanced Server) version 2.1 "
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2002:119"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "security flaw"
}
]
}
rhsa-2002:133
Vulnerability from csaf_redhat
Published
2002-08-09 16:23
Modified
2024-11-21 22:26
Summary
Red Hat Security Advisory: : Updated bind packages fix buffer overflow in resolver library
Notes
Topic
Various versions of the ISC BIND resolver libraries are vulnerable to a
buffer overflow attack. Updated BIND packages are now available to fix
this issue.
Details
ISC BIND (Berkeley Internet Name Domain) is an implementation of the DNS
(Domain Name System) protocols. BIND includes a DNS server (named),
which resolves host names to IP addresses; a resolver library
(routines for applications to use when interfacing with DNS); and
various tools.
A buffer overflow vulnerability exists in multiple implementations of DNS
resolver libraries. Applications that utilize vulnerable DNS resolver
libraries may be affected. A remote attacker who is able to send malicious
DNS responses could potentially exploit this vulnerability to execute
arbitrary code or cause a denial of service on a vulnerable system.
Red Hat Linux does not ship with any applications or libraries that link
against the BIND resolver libraries; however, third party code may be affected.
The updated bind packages included in this errata contain the patches from
8.3.3 which fix the buffer overflow applied (backported) to the 9.2.1 sources.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Various versions of the ISC BIND resolver libraries are vulnerable to a\nbuffer overflow attack. Updated BIND packages are now available to fix\nthis issue.",
"title": "Topic"
},
{
"category": "general",
"text": "ISC BIND (Berkeley Internet Name Domain) is an implementation of the DNS\n(Domain Name System) protocols. BIND includes a DNS server (named),\nwhich resolves host names to IP addresses; a resolver library\n(routines for applications to use when interfacing with DNS); and\nvarious tools.\n \nA buffer overflow vulnerability exists in multiple implementations of DNS\nresolver libraries. Applications that utilize vulnerable DNS resolver\nlibraries may be affected. A remote attacker who is able to send malicious\nDNS responses could potentially exploit this vulnerability to execute\narbitrary code or cause a denial of service on a vulnerable system. \n\nRed Hat Linux does not ship with any applications or libraries that link \nagainst the BIND resolver libraries; however, third party code may be affected.\n\nThe updated bind packages included in this errata contain the patches from\n8.3.3 which fix the buffer overflow applied (backported) to the 9.2.1 sources.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2002:133",
"url": "https://access.redhat.com/errata/RHSA-2002:133"
},
{
"category": "external",
"summary": "http://online.securityfocus.com/bid/5100",
"url": "http://online.securityfocus.com/bid/5100"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2002/rhsa-2002_133.json"
}
],
"title": "Red Hat Security Advisory: : Updated bind packages fix buffer overflow in resolver library",
"tracking": {
"current_release_date": "2024-11-21T22:26:45+00:00",
"generator": {
"date": "2024-11-21T22:26:45+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2002:133",
"initial_release_date": "2002-08-09T16:23:00+00:00",
"revision_history": [
{
"date": "2002-08-09T16:23:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2002-07-01T00:00:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-21T22:26:45+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Linux 6.2",
"product": {
"name": "Red Hat Linux 6.2",
"product_id": "Red Hat Linux 6.2",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:linux:6.2"
}
}
},
{
"category": "product_name",
"name": "Red Hat Linux 7.0",
"product": {
"name": "Red Hat Linux 7.0",
"product_id": "Red Hat Linux 7.0",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:linux:7.0"
}
}
},
{
"category": "product_name",
"name": "Red Hat Linux 7.1",
"product": {
"name": "Red Hat Linux 7.1",
"product_id": "Red Hat Linux 7.1",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:linux:7.1"
}
}
},
{
"category": "product_name",
"name": "Red Hat Linux 7.2",
"product": {
"name": "Red Hat Linux 7.2",
"product_id": "Red Hat Linux 7.2",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:linux:7.2"
}
}
},
{
"category": "product_name",
"name": "Red Hat Linux 7.3",
"product": {
"name": "Red Hat Linux 7.3",
"product_id": "Red Hat Linux 7.3",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:linux:7.3"
}
}
}
],
"category": "product_family",
"name": "Red Hat Linux"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2002-0651",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616785"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflow in the DNS resolver code used in libc, glibc, and libbind, as derived from ISC BIND, allows remote malicious DNS servers to cause a denial of service and possibly execute arbitrary code via the stub resolvers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Linux 6.2",
"Red Hat Linux 7.0",
"Red Hat Linux 7.1",
"Red Hat Linux 7.2",
"Red Hat Linux 7.3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-0651"
},
{
"category": "external",
"summary": "RHBZ#1616785",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616785"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-0651",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0651"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0651",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0651"
}
],
"release_date": "2002-06-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2002-08-09T16:23:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those\nRPMs which are currently installed will be updated. Those RPMs which are\nnot installed but included in the list will not be updated. Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network. Many\npeople find this an easier way to apply updates. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"Red Hat Linux 6.2",
"Red Hat Linux 7.0",
"Red Hat Linux 7.1",
"Red Hat Linux 7.2",
"Red Hat Linux 7.3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2002:133"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "security flaw"
}
]
}
rhsa-2002_119
Vulnerability from csaf_redhat
Published
2002-07-30 08:07
Modified
2024-11-21 22:26
Summary
Red Hat Security Advisory: bind security update
Notes
Topic
Version 9 of ISC BIND, prior to version 9.2.1, contained a denial of
service (DoS) attack vulnerability. Various versions of the ISC BIND
resolver libraries are vulnerable to a buffer overflow attack.
Details
ISC BIND (Berkeley Internet Name Domain) is an implementation of the DNS
(Domain Name System) protocols. BIND includes a DNS server (named) --
which resolves hostnames to IP addresses, a resolver library
(routines for applications to use when interfacing with DNS), and
various tools.
Versions of BIND 9 prior to 9.2.1 have a bug that causes certain requests
to the BIND name server to fail an internal consistency check, causing the
name server to stop responding to requests. This can be used by a remote
attacker to cause a denial of service (DoS) attack against name servers.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2002-0400 to this issue.
A buffer overflow vulnerability exists in multiple implementations of DNS
resolver libraries. Applications that utilize vulnerable DNS resolver
libraries may be affected. A remote attacker who is able to send malicious
DNS responses could potentially exploit this vulnerability to execute
arbitrary code or cause a denial of service (DoS) attack on a vulnerable
system. Red Hat Linux does not ship with any applications or libraries that
link against the BIND resolver libraries; however, third party code may be
affected. (CAN-2002-0651)
Red Hat Linux Advanced Server shipped with a version of ISC BIND vulnerable
to both of these issues. All users of BIND are advised to upgrade to the
errata packages containing BIND 9.2.1 which contains backported patches
that correct these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Version 9 of ISC BIND, prior to version 9.2.1, contained a denial of\nservice (DoS) attack vulnerability. Various versions of the ISC BIND\nresolver libraries are vulnerable to a buffer overflow attack.",
"title": "Topic"
},
{
"category": "general",
"text": "ISC BIND (Berkeley Internet Name Domain) is an implementation of the DNS \n(Domain Name System) protocols. BIND includes a DNS server (named) --\nwhich resolves hostnames to IP addresses, a resolver library\n(routines for applications to use when interfacing with DNS), and\nvarious tools.\n\nVersions of BIND 9 prior to 9.2.1 have a bug that causes certain requests\nto the BIND name server to fail an internal consistency check, causing the\nname server to stop responding to requests. This can be used by a remote\nattacker to cause a denial of service (DoS) attack against name servers. \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CAN-2002-0400 to this issue.\n\nA buffer overflow vulnerability exists in multiple implementations of DNS\nresolver libraries. Applications that utilize vulnerable DNS resolver\nlibraries may be affected. A remote attacker who is able to send malicious\nDNS responses could potentially exploit this vulnerability to execute\narbitrary code or cause a denial of service (DoS) attack on a vulnerable\nsystem. Red Hat Linux does not ship with any applications or libraries that\nlink against the BIND resolver libraries; however, third party code may be\naffected. (CAN-2002-0651)\n\nRed Hat Linux Advanced Server shipped with a version of ISC BIND vulnerable\nto both of these issues. All users of BIND are advised to upgrade to the\nerrata packages containing BIND 9.2.1 which contains backported patches\nthat correct these issues.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2002:119",
"url": "https://access.redhat.com/errata/RHSA-2002:119"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "http://www.kb.cert.org/vuls/id/803539",
"url": "http://www.kb.cert.org/vuls/id/803539"
},
{
"category": "external",
"summary": "http://online.securityfocus.com/bid/5100",
"url": "http://online.securityfocus.com/bid/5100"
},
{
"category": "external",
"summary": "http://www.cert.org/advisories/CA-2002-19.html",
"url": "http://www.cert.org/advisories/CA-2002-19.html"
},
{
"category": "external",
"summary": "http://www.cert.org/advisories/CA-2002-15.html",
"url": "http://www.cert.org/advisories/CA-2002-15.html"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2002/rhsa-2002_119.json"
}
],
"title": "Red Hat Security Advisory: bind security update",
"tracking": {
"current_release_date": "2024-11-21T22:26:42+00:00",
"generator": {
"date": "2024-11-21T22:26:42+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2002:119",
"initial_release_date": "2002-07-30T08:07:00+00:00",
"revision_history": [
{
"date": "2002-07-30T08:07:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2002-06-20T00:00:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-21T22:26:42+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"product": {
"name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"product_id": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:2.1::as"
}
}
}
],
"category": "product_family",
"name": "Red Hat Advanced Server"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2002-0400",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616774"
}
],
"notes": [
{
"category": "description",
"text": "ISC BIND 9 before 9.2.1 allows remote attackers to cause a denial of service (shutdown) via a malformed DNS packet that triggers an error condition that is not properly handled when the rdataset parameter to the dns_message_findtype() function in message.c is not NULL, aka DoS_findtype.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AS (Advanced Server) version 2.1 "
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-0400"
},
{
"category": "external",
"summary": "RHBZ#1616774",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616774"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-0400",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0400"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0400",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0400"
}
],
"release_date": "2002-06-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2002-07-30T08:07:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nPlease note that this update is available via Red Hat Network. To use Red\nHat Network, launch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"Red Hat Enterprise Linux AS (Advanced Server) version 2.1 "
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2002:119"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2002-0651",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616785"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflow in the DNS resolver code used in libc, glibc, and libbind, as derived from ISC BIND, allows remote malicious DNS servers to cause a denial of service and possibly execute arbitrary code via the stub resolvers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AS (Advanced Server) version 2.1 "
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-0651"
},
{
"category": "external",
"summary": "RHBZ#1616785",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616785"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-0651",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0651"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0651",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0651"
}
],
"release_date": "2002-06-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2002-07-30T08:07:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nPlease note that this update is available via Red Hat Network. To use Red\nHat Network, launch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"Red Hat Enterprise Linux AS (Advanced Server) version 2.1 "
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2002:119"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "security flaw"
}
]
}
RHSA-2002:119
Vulnerability from csaf_redhat
Published
2002-07-30 08:07
Modified
2024-11-21 22:26
Summary
Red Hat Security Advisory: bind security update
Notes
Topic
Version 9 of ISC BIND, prior to version 9.2.1, contained a denial of
service (DoS) attack vulnerability. Various versions of the ISC BIND
resolver libraries are vulnerable to a buffer overflow attack.
Details
ISC BIND (Berkeley Internet Name Domain) is an implementation of the DNS
(Domain Name System) protocols. BIND includes a DNS server (named) --
which resolves hostnames to IP addresses, a resolver library
(routines for applications to use when interfacing with DNS), and
various tools.
Versions of BIND 9 prior to 9.2.1 have a bug that causes certain requests
to the BIND name server to fail an internal consistency check, causing the
name server to stop responding to requests. This can be used by a remote
attacker to cause a denial of service (DoS) attack against name servers.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2002-0400 to this issue.
A buffer overflow vulnerability exists in multiple implementations of DNS
resolver libraries. Applications that utilize vulnerable DNS resolver
libraries may be affected. A remote attacker who is able to send malicious
DNS responses could potentially exploit this vulnerability to execute
arbitrary code or cause a denial of service (DoS) attack on a vulnerable
system. Red Hat Linux does not ship with any applications or libraries that
link against the BIND resolver libraries; however, third party code may be
affected. (CAN-2002-0651)
Red Hat Linux Advanced Server shipped with a version of ISC BIND vulnerable
to both of these issues. All users of BIND are advised to upgrade to the
errata packages containing BIND 9.2.1 which contains backported patches
that correct these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Version 9 of ISC BIND, prior to version 9.2.1, contained a denial of\nservice (DoS) attack vulnerability. Various versions of the ISC BIND\nresolver libraries are vulnerable to a buffer overflow attack.",
"title": "Topic"
},
{
"category": "general",
"text": "ISC BIND (Berkeley Internet Name Domain) is an implementation of the DNS \n(Domain Name System) protocols. BIND includes a DNS server (named) --\nwhich resolves hostnames to IP addresses, a resolver library\n(routines for applications to use when interfacing with DNS), and\nvarious tools.\n\nVersions of BIND 9 prior to 9.2.1 have a bug that causes certain requests\nto the BIND name server to fail an internal consistency check, causing the\nname server to stop responding to requests. This can be used by a remote\nattacker to cause a denial of service (DoS) attack against name servers. \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CAN-2002-0400 to this issue.\n\nA buffer overflow vulnerability exists in multiple implementations of DNS\nresolver libraries. Applications that utilize vulnerable DNS resolver\nlibraries may be affected. A remote attacker who is able to send malicious\nDNS responses could potentially exploit this vulnerability to execute\narbitrary code or cause a denial of service (DoS) attack on a vulnerable\nsystem. Red Hat Linux does not ship with any applications or libraries that\nlink against the BIND resolver libraries; however, third party code may be\naffected. (CAN-2002-0651)\n\nRed Hat Linux Advanced Server shipped with a version of ISC BIND vulnerable\nto both of these issues. All users of BIND are advised to upgrade to the\nerrata packages containing BIND 9.2.1 which contains backported patches\nthat correct these issues.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2002:119",
"url": "https://access.redhat.com/errata/RHSA-2002:119"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "http://www.kb.cert.org/vuls/id/803539",
"url": "http://www.kb.cert.org/vuls/id/803539"
},
{
"category": "external",
"summary": "http://online.securityfocus.com/bid/5100",
"url": "http://online.securityfocus.com/bid/5100"
},
{
"category": "external",
"summary": "http://www.cert.org/advisories/CA-2002-19.html",
"url": "http://www.cert.org/advisories/CA-2002-19.html"
},
{
"category": "external",
"summary": "http://www.cert.org/advisories/CA-2002-15.html",
"url": "http://www.cert.org/advisories/CA-2002-15.html"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2002/rhsa-2002_119.json"
}
],
"title": "Red Hat Security Advisory: bind security update",
"tracking": {
"current_release_date": "2024-11-21T22:26:42+00:00",
"generator": {
"date": "2024-11-21T22:26:42+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2002:119",
"initial_release_date": "2002-07-30T08:07:00+00:00",
"revision_history": [
{
"date": "2002-07-30T08:07:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2002-06-20T00:00:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-21T22:26:42+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"product": {
"name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"product_id": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:2.1::as"
}
}
}
],
"category": "product_family",
"name": "Red Hat Advanced Server"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2002-0400",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616774"
}
],
"notes": [
{
"category": "description",
"text": "ISC BIND 9 before 9.2.1 allows remote attackers to cause a denial of service (shutdown) via a malformed DNS packet that triggers an error condition that is not properly handled when the rdataset parameter to the dns_message_findtype() function in message.c is not NULL, aka DoS_findtype.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AS (Advanced Server) version 2.1 "
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-0400"
},
{
"category": "external",
"summary": "RHBZ#1616774",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616774"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-0400",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0400"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0400",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0400"
}
],
"release_date": "2002-06-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2002-07-30T08:07:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nPlease note that this update is available via Red Hat Network. To use Red\nHat Network, launch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"Red Hat Enterprise Linux AS (Advanced Server) version 2.1 "
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2002:119"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2002-0651",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616785"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflow in the DNS resolver code used in libc, glibc, and libbind, as derived from ISC BIND, allows remote malicious DNS servers to cause a denial of service and possibly execute arbitrary code via the stub resolvers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AS (Advanced Server) version 2.1 "
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-0651"
},
{
"category": "external",
"summary": "RHBZ#1616785",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616785"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-0651",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0651"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0651",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0651"
}
],
"release_date": "2002-06-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2002-07-30T08:07:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nPlease note that this update is available via Red Hat Network. To use Red\nHat Network, launch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"Red Hat Enterprise Linux AS (Advanced Server) version 2.1 "
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2002:119"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "security flaw"
}
]
}
RHSA-2002:133
Vulnerability from csaf_redhat
Published
2002-08-09 16:23
Modified
2024-11-21 22:26
Summary
Red Hat Security Advisory: : Updated bind packages fix buffer overflow in resolver library
Notes
Topic
Various versions of the ISC BIND resolver libraries are vulnerable to a
buffer overflow attack. Updated BIND packages are now available to fix
this issue.
Details
ISC BIND (Berkeley Internet Name Domain) is an implementation of the DNS
(Domain Name System) protocols. BIND includes a DNS server (named),
which resolves host names to IP addresses; a resolver library
(routines for applications to use when interfacing with DNS); and
various tools.
A buffer overflow vulnerability exists in multiple implementations of DNS
resolver libraries. Applications that utilize vulnerable DNS resolver
libraries may be affected. A remote attacker who is able to send malicious
DNS responses could potentially exploit this vulnerability to execute
arbitrary code or cause a denial of service on a vulnerable system.
Red Hat Linux does not ship with any applications or libraries that link
against the BIND resolver libraries; however, third party code may be affected.
The updated bind packages included in this errata contain the patches from
8.3.3 which fix the buffer overflow applied (backported) to the 9.2.1 sources.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Various versions of the ISC BIND resolver libraries are vulnerable to a\nbuffer overflow attack. Updated BIND packages are now available to fix\nthis issue.",
"title": "Topic"
},
{
"category": "general",
"text": "ISC BIND (Berkeley Internet Name Domain) is an implementation of the DNS\n(Domain Name System) protocols. BIND includes a DNS server (named),\nwhich resolves host names to IP addresses; a resolver library\n(routines for applications to use when interfacing with DNS); and\nvarious tools.\n \nA buffer overflow vulnerability exists in multiple implementations of DNS\nresolver libraries. Applications that utilize vulnerable DNS resolver\nlibraries may be affected. A remote attacker who is able to send malicious\nDNS responses could potentially exploit this vulnerability to execute\narbitrary code or cause a denial of service on a vulnerable system. \n\nRed Hat Linux does not ship with any applications or libraries that link \nagainst the BIND resolver libraries; however, third party code may be affected.\n\nThe updated bind packages included in this errata contain the patches from\n8.3.3 which fix the buffer overflow applied (backported) to the 9.2.1 sources.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2002:133",
"url": "https://access.redhat.com/errata/RHSA-2002:133"
},
{
"category": "external",
"summary": "http://online.securityfocus.com/bid/5100",
"url": "http://online.securityfocus.com/bid/5100"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2002/rhsa-2002_133.json"
}
],
"title": "Red Hat Security Advisory: : Updated bind packages fix buffer overflow in resolver library",
"tracking": {
"current_release_date": "2024-11-21T22:26:45+00:00",
"generator": {
"date": "2024-11-21T22:26:45+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2002:133",
"initial_release_date": "2002-08-09T16:23:00+00:00",
"revision_history": [
{
"date": "2002-08-09T16:23:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2002-07-01T00:00:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-21T22:26:45+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Linux 6.2",
"product": {
"name": "Red Hat Linux 6.2",
"product_id": "Red Hat Linux 6.2",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:linux:6.2"
}
}
},
{
"category": "product_name",
"name": "Red Hat Linux 7.0",
"product": {
"name": "Red Hat Linux 7.0",
"product_id": "Red Hat Linux 7.0",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:linux:7.0"
}
}
},
{
"category": "product_name",
"name": "Red Hat Linux 7.1",
"product": {
"name": "Red Hat Linux 7.1",
"product_id": "Red Hat Linux 7.1",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:linux:7.1"
}
}
},
{
"category": "product_name",
"name": "Red Hat Linux 7.2",
"product": {
"name": "Red Hat Linux 7.2",
"product_id": "Red Hat Linux 7.2",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:linux:7.2"
}
}
},
{
"category": "product_name",
"name": "Red Hat Linux 7.3",
"product": {
"name": "Red Hat Linux 7.3",
"product_id": "Red Hat Linux 7.3",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:linux:7.3"
}
}
}
],
"category": "product_family",
"name": "Red Hat Linux"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2002-0651",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616785"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflow in the DNS resolver code used in libc, glibc, and libbind, as derived from ISC BIND, allows remote malicious DNS servers to cause a denial of service and possibly execute arbitrary code via the stub resolvers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Linux 6.2",
"Red Hat Linux 7.0",
"Red Hat Linux 7.1",
"Red Hat Linux 7.2",
"Red Hat Linux 7.3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-0651"
},
{
"category": "external",
"summary": "RHBZ#1616785",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616785"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-0651",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0651"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0651",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0651"
}
],
"release_date": "2002-06-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2002-08-09T16:23:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those\nRPMs which are currently installed will be updated. Those RPMs which are\nnot installed but included in the list will not be updated. Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network. Many\npeople find this an easier way to apply updates. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"Red Hat Linux 6.2",
"Red Hat Linux 7.0",
"Red Hat Linux 7.1",
"Red Hat Linux 7.2",
"Red Hat Linux 7.3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2002:133"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "security flaw"
}
]
}
rhsa-2003:154
Vulnerability from csaf_redhat
Published
2003-06-18 22:19
Modified
2024-11-21 22:27
Summary
Red Hat Security Advisory: : : : Updated bind packages fix buffer overflow in resolver library
Notes
Topic
Updated BIND packages that fix a number of vulnerabilities are now
available for Red Hat Linux on IBM iSeries and pSeries systems.
Details
ISC BIND (Berkeley Internet Name Domain) is an implementation of the DNS
(Domain Name System) protocols. BIND includes a DNS server (named),
which resolves host names to IP addresses; a resolver library
(routines for applications to use when interfacing with DNS); and
various tools.
A buffer overflow vulnerability exists in multiple implementations of the
DNS resolver libraries. Applications that utilize vulnerable DNS resolver
libraries may be affected. A remote attacker who is able to send malicious
DNS responses could potentially exploit this vulnerability to execute
arbitrary code or cause a denial of service on a vulnerable system.
Red Hat Linux does not ship with any applications or libraries that link
against the BIND resolver libraries; however, third party code may be affected.
Versions of BIND 9 prior to 9.2.1 have a bug that causes certain requests
to the BIND name server (named) to fail an internal consistency check,
causing the name server to stop responding to requests. This can be used
by a remote attacker to cause a denial of service (DOS) attack against name
servers.
The updated bind packages included in this errata contain Bind 9.2.1 with
the addition of backported patches and is not vulnerable to these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated BIND packages that fix a number of vulnerabilities are now\navailable for Red Hat Linux on IBM iSeries and pSeries systems.",
"title": "Topic"
},
{
"category": "general",
"text": "ISC BIND (Berkeley Internet Name Domain) is an implementation of the DNS\n(Domain Name System) protocols. BIND includes a DNS server (named),\nwhich resolves host names to IP addresses; a resolver library\n(routines for applications to use when interfacing with DNS); and\nvarious tools.\n \nA buffer overflow vulnerability exists in multiple implementations of the\nDNS resolver libraries. Applications that utilize vulnerable DNS resolver\nlibraries may be affected. A remote attacker who is able to send malicious\nDNS responses could potentially exploit this vulnerability to execute\narbitrary code or cause a denial of service on a vulnerable system. \n\nRed Hat Linux does not ship with any applications or libraries that link \nagainst the BIND resolver libraries; however, third party code may be affected.\n\nVersions of BIND 9 prior to 9.2.1 have a bug that causes certain requests\nto the BIND name server (named) to fail an internal consistency check,\ncausing the name server to stop responding to requests. This can be used\nby a remote attacker to cause a denial of service (DOS) attack against name\nservers.\n\nThe updated bind packages included in this errata contain Bind 9.2.1 with\nthe addition of backported patches and is not vulnerable to these issues.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2003:154",
"url": "https://access.redhat.com/errata/RHSA-2003:154"
},
{
"category": "external",
"summary": "http://online.securityfocus.com/bid/5100",
"url": "http://online.securityfocus.com/bid/5100"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2003/rhsa-2003_154.json"
}
],
"title": "Red Hat Security Advisory: : : : Updated bind packages fix buffer overflow in resolver library",
"tracking": {
"current_release_date": "2024-11-21T22:27:00+00:00",
"generator": {
"date": "2024-11-21T22:27:00+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2003:154",
"initial_release_date": "2003-06-18T22:19:00+00:00",
"revision_history": [
{
"date": "2003-06-18T22:19:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2003-06-18T00:00:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-21T22:27:00+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Linux 7.1",
"product": {
"name": "Red Hat Linux 7.1",
"product_id": "Red Hat Linux 7.1",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:linux:7.1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Linux"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2002-0400",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616774"
}
],
"notes": [
{
"category": "description",
"text": "ISC BIND 9 before 9.2.1 allows remote attackers to cause a denial of service (shutdown) via a malformed DNS packet that triggers an error condition that is not properly handled when the rdataset parameter to the dns_message_findtype() function in message.c is not NULL, aka DoS_findtype.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Linux 7.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-0400"
},
{
"category": "external",
"summary": "RHBZ#1616774",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616774"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-0400",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0400"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0400",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0400"
}
],
"release_date": "2002-06-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2003-06-18T22:19:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those\nRPMs which are currently installed will be updated. Those RPMs which are\nnot installed but included in the list will not be updated. Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network. Many\npeople find this an easier way to apply updates. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"Red Hat Linux 7.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2003:154"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2002-0651",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616785"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflow in the DNS resolver code used in libc, glibc, and libbind, as derived from ISC BIND, allows remote malicious DNS servers to cause a denial of service and possibly execute arbitrary code via the stub resolvers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Linux 7.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-0651"
},
{
"category": "external",
"summary": "RHBZ#1616785",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616785"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-0651",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0651"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0651",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0651"
}
],
"release_date": "2002-06-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2003-06-18T22:19:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those\nRPMs which are currently installed will be updated. Those RPMs which are\nnot installed but included in the list will not be updated. Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network. Many\npeople find this an easier way to apply updates. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"Red Hat Linux 7.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2003:154"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "security flaw"
}
]
}
RHSA-2002:167
Vulnerability from csaf_redhat
Published
2002-08-06 07:25
Modified
2024-11-21 22:26
Summary
Red Hat Security Advisory: glibc security update
Notes
Topic
Updated glibc packages are available which fix a buffer overflow in the XDR
decoder and two vulnerabilities in the resolver functions.
[updated 8 aug 2002]
Updated packages have been made available, as the original errata introduced
a bug which could cause calloc() to crash on 32-bit platforms when passed a
size of 0. These updated errata packages contain a patch to correct this bug.
Details
The glibc package contains standard libraries which are used by
multiple programs on the system. Sun RPC is a remote procedure call
framework which allows clients to invoke procedures in a server process
over a network. XDR is a mechanism for encoding data structures for use
with RPC. NFS, NIS, and other network services that are built upon Sun
RPC. The glibc package contains an XDR encoder/decoder derived from Sun's
RPC implementation which was recently demonstrated to be vulnerable to a
heap overflow.
An error in the calculation of memory needed for unpacking arrays in the
XDR decoder can result in a heap buffer overflow in glibc 2.2.5 and
earlier. Depending upon the application, this vulnerability may be
exploitable and could lead to arbitrary code execution. (CAN-2002-0391)
A buffer overflow vulnerability has been found in the way the glibc
resolver handles the resolution of network names and addresses via DNS (as
per Internet RFC 1011). Version 2.2.5 of glibc and earlier versions are
affected. A system would be vulnerable to this issue if the
"networks" database in the /etc/nsswitch.conf file includes the "dns"
entry. By default, Red Hat Linux Advanced Server ships with "networks"
set to "files" and is therefore not vulnerable to this issue.
(CAN-2002-0684)
A related issue is a bug in the glibc-compat packages, which
provide compatibility for applications compiled against glibc version
2.0.x. Applications compiled against this version (such as those
distributed with early Red Hat Linux releases 5.0, 5.1, and 5.2) could also
be vulnerable to this issue. (CAN-2002-0651)
All users should upgrade to these errata packages which contain patches to
the glibc libraries and therefore are not vulnerable to these issues.
Thanks to Solar Designer for providing patches for this issue.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated glibc packages are available which fix a buffer overflow in the XDR\ndecoder and two vulnerabilities in the resolver functions.\n\n[updated 8 aug 2002]\nUpdated packages have been made available, as the original errata introduced\na bug which could cause calloc() to crash on 32-bit platforms when passed a\nsize of 0. These updated errata packages contain a patch to correct this bug.",
"title": "Topic"
},
{
"category": "general",
"text": "The glibc package contains standard libraries which are used by\nmultiple programs on the system. Sun RPC is a remote procedure call\nframework which allows clients to invoke procedures in a server process\nover a network. XDR is a mechanism for encoding data structures for use\nwith RPC. NFS, NIS, and other network services that are built upon Sun\nRPC. The glibc package contains an XDR encoder/decoder derived from Sun\u0027s\nRPC implementation which was recently demonstrated to be vulnerable to a\nheap overflow.\n\nAn error in the calculation of memory needed for unpacking arrays in the\nXDR decoder can result in a heap buffer overflow in glibc 2.2.5 and\nearlier. Depending upon the application, this vulnerability may be\nexploitable and could lead to arbitrary code execution. (CAN-2002-0391)\n\nA buffer overflow vulnerability has been found in the way the glibc\nresolver handles the resolution of network names and addresses via DNS (as\nper Internet RFC 1011). Version 2.2.5 of glibc and earlier versions are\naffected. A system would be vulnerable to this issue if the\n\"networks\" database in the /etc/nsswitch.conf file includes the \"dns\"\nentry. By default, Red Hat Linux Advanced Server ships with \"networks\"\nset to \"files\" and is therefore not vulnerable to this issue.\n(CAN-2002-0684)\n\nA related issue is a bug in the glibc-compat packages, which\nprovide compatibility for applications compiled against glibc version\n2.0.x. Applications compiled against this version (such as those\ndistributed with early Red Hat Linux releases 5.0, 5.1, and 5.2) could also\nbe vulnerable to this issue. (CAN-2002-0651)\n\nAll users should upgrade to these errata packages which contain patches to\nthe glibc libraries and therefore are not vulnerable to these issues.\n\nThanks to Solar Designer for providing patches for this issue.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2002:167",
"url": "https://access.redhat.com/errata/RHSA-2002:167"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "http://online.securityfocus.com/archive/1/285308",
"url": "http://online.securityfocus.com/archive/1/285308"
},
{
"category": "external",
"summary": "http://www.cert.org/advisories/CA-2002-19.html",
"url": "http://www.cert.org/advisories/CA-2002-19.html"
},
{
"category": "external",
"summary": "http://sources.redhat.com/ml/libc-hacker/2002-08/msg00093.html",
"url": "http://sources.redhat.com/ml/libc-hacker/2002-08/msg00093.html"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2002/rhsa-2002_167.json"
}
],
"title": "Red Hat Security Advisory: glibc security update",
"tracking": {
"current_release_date": "2024-11-21T22:26:50+00:00",
"generator": {
"date": "2024-11-21T22:26:50+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2002:167",
"initial_release_date": "2002-08-06T07:25:00+00:00",
"revision_history": [
{
"date": "2002-08-06T07:25:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2002-08-01T00:00:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-21T22:26:50+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"product": {
"name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"product_id": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:2.1::as"
}
}
}
],
"category": "product_family",
"name": "Red Hat Advanced Server"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2002-0391",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616771"
}
],
"notes": [
{
"category": "description",
"text": "Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AS (Advanced Server) version 2.1 "
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-0391"
},
{
"category": "external",
"summary": "RHBZ#1616771",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616771"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-0391",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0391"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0391",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0391"
}
],
"release_date": "2002-07-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2002-08-06T07:25:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nPlease note that this update is available via Red Hat Network. To use Red\nHat Network, launch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"Red Hat Enterprise Linux AS (Advanced Server) version 2.1 "
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2002:167"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2002-0651",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616785"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflow in the DNS resolver code used in libc, glibc, and libbind, as derived from ISC BIND, allows remote malicious DNS servers to cause a denial of service and possibly execute arbitrary code via the stub resolvers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AS (Advanced Server) version 2.1 "
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-0651"
},
{
"category": "external",
"summary": "RHBZ#1616785",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616785"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-0651",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0651"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0651",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0651"
}
],
"release_date": "2002-06-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2002-08-06T07:25:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nPlease note that this update is available via Red Hat Network. To use Red\nHat Network, launch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"Red Hat Enterprise Linux AS (Advanced Server) version 2.1 "
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2002:167"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2002-0684",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616795"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflow in DNS resolver functions that perform lookup of network names and addresses, as used in BIND 4.9.8 and ported to glibc 2.2.5 and earlier, allows remote malicious DNS servers to execute arbitrary code through a subroutine used by functions such as getnetbyname and getnetbyaddr.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AS (Advanced Server) version 2.1 "
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-0684"
},
{
"category": "external",
"summary": "RHBZ#1616795",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616795"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-0684",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0684"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0684",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0684"
}
],
"release_date": "2002-06-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2002-08-06T07:25:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nPlease note that this update is available via Red Hat Network. To use Red\nHat Network, launch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"Red Hat Enterprise Linux AS (Advanced Server) version 2.1 "
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2002:167"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "security flaw"
}
]
}
RHSA-2002:139
Vulnerability from csaf_redhat
Published
2002-07-25 02:15
Modified
2024-11-21 22:26
Summary
Red Hat Security Advisory: : Updated glibc packages fix vulnerabilities in resolver
Notes
Topic
Updated glibc packages are available to fix two vulnerabilities in the
resolver functions.
Details
The glibc package contains standard libraries which are used by
multiple programs on the system.
A buffer overflow vulnerability has been found in the way the glibc
resolver handles the resolution of network names and addresses via DNS (as
per Internet RFC 1011). Version 2.2.5 of glibc and earlier versions are
affected. A system would be vulnerable to this issue if the
"networks" database in /etc/nsswitch.conf includes the "dns" entry. By
default, Red Hat Linux ships with "networks" set to "files" and
is therefore not vulnerable to this issue. (CAN-2002-0684)
A second, related, issue is a bug in the glibc-compat packages, which
provide compatibility for applications compiled against glibc version
2.0.x. Applications compiled against this version (such as those
distributed with early Red Hat Linux releases 5.0, 5.1, and 5.2) could also
be vulnerable to this issue. (CAN-2002-0651)
These errata packages for Red Hat Linux 7.1 and 7.2 on the Itanium
architecture also include a fix for the strncpy implementation in some
boundary cases.
All users should upgrade to these errata packages which contain patches to
the glibc and glibc-compat libraries and therefore are not vulnerable to
these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated glibc packages are available to fix two vulnerabilities in the\nresolver functions.",
"title": "Topic"
},
{
"category": "general",
"text": "The glibc package contains standard libraries which are used by\nmultiple programs on the system.\n\nA buffer overflow vulnerability has been found in the way the glibc\nresolver handles the resolution of network names and addresses via DNS (as\nper Internet RFC 1011). Version 2.2.5 of glibc and earlier versions are\naffected. A system would be vulnerable to this issue if the\n\"networks\" database in /etc/nsswitch.conf includes the \"dns\" entry. By\ndefault, Red Hat Linux ships with \"networks\" set to \"files\" and\nis therefore not vulnerable to this issue. (CAN-2002-0684)\n\nA second, related, issue is a bug in the glibc-compat packages, which\nprovide compatibility for applications compiled against glibc version\n2.0.x. Applications compiled against this version (such as those\ndistributed with early Red Hat Linux releases 5.0, 5.1, and 5.2) could also\nbe vulnerable to this issue. (CAN-2002-0651)\n\nThese errata packages for Red Hat Linux 7.1 and 7.2 on the Itanium\narchitecture also include a fix for the strncpy implementation in some\nboundary cases.\n\nAll users should upgrade to these errata packages which contain patches to\nthe glibc and glibc-compat libraries and therefore are not vulnerable to\nthese issues.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2002:139",
"url": "https://access.redhat.com/errata/RHSA-2002:139"
},
{
"category": "external",
"summary": "http://www.cert.org/advisories/CA-2002-19.html",
"url": "http://www.cert.org/advisories/CA-2002-19.html"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2002/rhsa-2002_139.json"
}
],
"title": "Red Hat Security Advisory: : Updated glibc packages fix vulnerabilities in resolver",
"tracking": {
"current_release_date": "2024-11-21T22:26:48+00:00",
"generator": {
"date": "2024-11-21T22:26:48+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2002:139",
"initial_release_date": "2002-07-25T02:15:00+00:00",
"revision_history": [
{
"date": "2002-07-25T02:15:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2002-07-11T00:00:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-21T22:26:48+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Linux 6.2",
"product": {
"name": "Red Hat Linux 6.2",
"product_id": "Red Hat Linux 6.2",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:linux:6.2"
}
}
},
{
"category": "product_name",
"name": "Red Hat Linux 7.0",
"product": {
"name": "Red Hat Linux 7.0",
"product_id": "Red Hat Linux 7.0",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:linux:7.0"
}
}
},
{
"category": "product_name",
"name": "Red Hat Linux 7.1",
"product": {
"name": "Red Hat Linux 7.1",
"product_id": "Red Hat Linux 7.1",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:linux:7.1"
}
}
},
{
"category": "product_name",
"name": "Red Hat Linux 7.2",
"product": {
"name": "Red Hat Linux 7.2",
"product_id": "Red Hat Linux 7.2",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:linux:7.2"
}
}
},
{
"category": "product_name",
"name": "Red Hat Linux 7.3",
"product": {
"name": "Red Hat Linux 7.3",
"product_id": "Red Hat Linux 7.3",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:linux:7.3"
}
}
}
],
"category": "product_family",
"name": "Red Hat Linux"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2002-0651",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616785"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflow in the DNS resolver code used in libc, glibc, and libbind, as derived from ISC BIND, allows remote malicious DNS servers to cause a denial of service and possibly execute arbitrary code via the stub resolvers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Linux 6.2",
"Red Hat Linux 7.0",
"Red Hat Linux 7.1",
"Red Hat Linux 7.2",
"Red Hat Linux 7.3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-0651"
},
{
"category": "external",
"summary": "RHBZ#1616785",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616785"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-0651",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0651"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0651",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0651"
}
],
"release_date": "2002-06-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2002-07-25T02:15:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those\nRPMs which are currently installed will be updated. Those RPMs which are\nnot installed but included in the list will not be updated. Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network. Many\npeople find this an easier way to apply updates. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"Red Hat Linux 6.2",
"Red Hat Linux 7.0",
"Red Hat Linux 7.1",
"Red Hat Linux 7.2",
"Red Hat Linux 7.3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2002:139"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2002-0684",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616795"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflow in DNS resolver functions that perform lookup of network names and addresses, as used in BIND 4.9.8 and ported to glibc 2.2.5 and earlier, allows remote malicious DNS servers to execute arbitrary code through a subroutine used by functions such as getnetbyname and getnetbyaddr.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Linux 6.2",
"Red Hat Linux 7.0",
"Red Hat Linux 7.1",
"Red Hat Linux 7.2",
"Red Hat Linux 7.3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-0684"
},
{
"category": "external",
"summary": "RHBZ#1616795",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616795"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-0684",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0684"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0684",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0684"
}
],
"release_date": "2002-06-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2002-07-25T02:15:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those\nRPMs which are currently installed will be updated. Those RPMs which are\nnot installed but included in the list will not be updated. Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network. Many\npeople find this an easier way to apply updates. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"Red Hat Linux 6.2",
"Red Hat Linux 7.0",
"Red Hat Linux 7.1",
"Red Hat Linux 7.2",
"Red Hat Linux 7.3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2002:139"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "security flaw"
}
]
}
gsd-2002-0651
Vulnerability from gsd
Modified
2023-12-13 01:24
Details
Buffer overflow in the DNS resolver code used in libc, glibc, and libbind, as derived from ISC BIND, allows remote malicious DNS servers to cause a denial of service and possibly execute arbitrary code via the stub resolvers.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2002-0651",
"description": "Buffer overflow in the DNS resolver code used in libc, glibc, and libbind, as derived from ISC BIND, allows remote malicious DNS servers to cause a denial of service and possibly execute arbitrary code via the stub resolvers.",
"id": "GSD-2002-0651",
"references": [
"https://www.suse.com/security/cve/CVE-2002-0651.html",
"https://access.redhat.com/errata/RHSA-2003:154",
"https://access.redhat.com/errata/RHSA-2002:167",
"https://access.redhat.com/errata/RHSA-2002:139",
"https://access.redhat.com/errata/RHSA-2002:133",
"https://access.redhat.com/errata/RHSA-2002:119"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2002-0651"
],
"details": "Buffer overflow in the DNS resolver code used in libc, glibc, and libbind, as derived from ISC BIND, allows remote malicious DNS servers to cause a denial of service and possibly execute arbitrary code via the stub resolvers.",
"id": "GSD-2002-0651",
"modified": "2023-12-13T01:24:07.877691Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0651",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the DNS resolver code used in libc, glibc, and libbind, as derived from ISC BIND, allows remote malicious DNS servers to cause a denial of service and possibly execute arbitrary code via the stub resolvers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "CLSA-2002:507",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com/atualizacoes/?id=a\u0026anuncio=000507"
},
{
"name": "RHSA-2002:139",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2002-139.html"
},
{
"name": "ESA-20020724-018",
"refsource": "ENGARDE",
"url": "http://archives.neohapsis.com/archives/linux/engarde/2002-q3/0002.html"
},
{
"name": "oval:org.mitre.oval:def:4190",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4190"
},
{
"name": "20020626 Remote buffer overflow in resolver code of libc",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=102513011311504\u0026w=2"
},
{
"name": "RHSA-2002:119",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2002-119.html"
},
{
"name": "VU#803539",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/803539"
},
{
"name": "dns-resolver-lib-bo(9432)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9432.php"
},
{
"name": "CSSA-2002-SCO.39",
"refsource": "CALDERA",
"url": "ftp://ftp.caldera.com/pub/updates/OpenServer/CSSA-2002-SCO.39"
},
{
"name": "MDKSA-2002:038",
"refsource": "MANDRAKE",
"url": "http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:038"
},
{
"name": "IY32719",
"refsource": "AIXAPAR",
"url": "http://archives.neohapsis.com/archives/aix/2002-q3/0001.html"
},
{
"name": "RHSA-2002:167",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2002-167.html"
},
{
"name": "RHSA-2003:154",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-154.html"
},
{
"name": "20020701-01-I",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20020701-01-I/"
},
{
"name": "IY32746",
"refsource": "AIXAPAR",
"url": "http://archives.neohapsis.com/archives/aix/2002-q3/0001.html"
},
{
"name": "20020703 Buffer overflow and DoS i BIND",
"refsource": "NTBUGTRAQ",
"url": "http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0000.html"
},
{
"name": "20020704 [OpenPKG-SA-2002.006] OpenPKG Security Advisory (bind)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=102579743329251\u0026w=2"
},
{
"name": "MDKSA-2002:043",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-043.php"
},
{
"name": "RHSA-2002:133",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2002-133.html"
},
{
"name": "CSSA-2002-SCO.37",
"refsource": "CALDERA",
"url": "ftp://ftp.caldera.com/pub/updates/UnixWare/CSSA-2002-SCO.37"
},
{
"name": "FreeBSD-SA-02:28",
"refsource": "FREEBSD",
"url": "http://marc.info/?l=bugtraq\u0026m=102520962320134\u0026w=2"
},
{
"name": "CA-2002-19",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2002-19.html"
},
{
"name": "5100",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5100"
},
{
"name": "NetBSD-SA2002-006",
"refsource": "NETBSD",
"url": "ftp://ftp.NetBSD.ORG/pub/NetBSD/security/advisories/NetBSD-SA2002-006.txt.asc"
},
{
"name": "http://www.pine.nl/advisories/pine-cert-20020601.txt",
"refsource": "MISC",
"url": "http://www.pine.nl/advisories/pine-cert-20020601.txt"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:isc:bind:9.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0651"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Buffer overflow in the DNS resolver code used in libc, glibc, and libbind, as derived from ISC BIND, allows remote malicious DNS servers to cause a denial of service and possibly execute arbitrary code via the stub resolvers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "CA-2002-19",
"refsource": "CERT",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2002-19.html"
},
{
"name": "dns-resolver-lib-bo(9432)",
"refsource": "XF",
"tags": [
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/9432.php"
},
{
"name": "http://www.pine.nl/advisories/pine-cert-20020601.txt",
"refsource": "MISC",
"tags": [],
"url": "http://www.pine.nl/advisories/pine-cert-20020601.txt"
},
{
"name": "20020703 Buffer overflow and DoS i BIND",
"refsource": "NTBUGTRAQ",
"tags": [],
"url": "http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0000.html"
},
{
"name": "VU#803539",
"refsource": "CERT-VN",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/803539"
},
{
"name": "CSSA-2002-SCO.37",
"refsource": "CALDERA",
"tags": [],
"url": "ftp://ftp.caldera.com/pub/updates/UnixWare/CSSA-2002-SCO.37"
},
{
"name": "CSSA-2002-SCO.39",
"refsource": "CALDERA",
"tags": [],
"url": "ftp://ftp.caldera.com/pub/updates/OpenServer/CSSA-2002-SCO.39"
},
{
"name": "CLSA-2002:507",
"refsource": "CONECTIVA",
"tags": [],
"url": "http://distro.conectiva.com/atualizacoes/?id=a\u0026anuncio=000507"
},
{
"name": "ESA-20020724-018",
"refsource": "ENGARDE",
"tags": [],
"url": "http://archives.neohapsis.com/archives/linux/engarde/2002-q3/0002.html"
},
{
"name": "MDKSA-2002:038",
"refsource": "MANDRAKE",
"tags": [],
"url": "http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:038"
},
{
"name": "MDKSA-2002:043",
"refsource": "MANDRAKE",
"tags": [],
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-043.php"
},
{
"name": "NetBSD-SA2002-006",
"refsource": "NETBSD",
"tags": [],
"url": "ftp://ftp.NetBSD.ORG/pub/NetBSD/security/advisories/NetBSD-SA2002-006.txt.asc"
},
{
"name": "RHSA-2002:119",
"refsource": "REDHAT",
"tags": [],
"url": "http://www.redhat.com/support/errata/RHSA-2002-119.html"
},
{
"name": "RHSA-2002:133",
"refsource": "REDHAT",
"tags": [],
"url": "http://www.redhat.com/support/errata/RHSA-2002-133.html"
},
{
"name": "RHSA-2002:139",
"refsource": "REDHAT",
"tags": [],
"url": "http://rhn.redhat.com/errata/RHSA-2002-139.html"
},
{
"name": "RHSA-2002:167",
"refsource": "REDHAT",
"tags": [],
"url": "http://www.redhat.com/support/errata/RHSA-2002-167.html"
},
{
"name": "RHSA-2003:154",
"refsource": "REDHAT",
"tags": [],
"url": "http://www.redhat.com/support/errata/RHSA-2003-154.html"
},
{
"name": "20020701-01-I",
"refsource": "SGI",
"tags": [],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20020701-01-I/"
},
{
"name": "5100",
"refsource": "BID",
"tags": [],
"url": "http://www.securityfocus.com/bid/5100"
},
{
"name": "IY32746",
"refsource": "AIXAPAR",
"tags": [],
"url": "http://archives.neohapsis.com/archives/aix/2002-q3/0001.html"
},
{
"name": "20020626 Remote buffer overflow in resolver code of libc",
"refsource": "BUGTRAQ",
"tags": [],
"url": "http://marc.info/?l=bugtraq\u0026m=102513011311504\u0026w=2"
},
{
"name": "20020704 [OpenPKG-SA-2002.006] OpenPKG Security Advisory (bind)",
"refsource": "BUGTRAQ",
"tags": [],
"url": "http://marc.info/?l=bugtraq\u0026m=102579743329251\u0026w=2"
},
{
"name": "FreeBSD-SA-02:28",
"refsource": "FREEBSD",
"tags": [],
"url": "http://marc.info/?l=bugtraq\u0026m=102520962320134\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:4190",
"refsource": "OVAL",
"tags": [],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4190"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2017-10-10T01:30Z",
"publishedDate": "2002-07-03T04:00Z"
}
}
}
ghsa-3hqp-jxgp-f6jm
Vulnerability from github
Published
2022-05-03 03:07
Modified
2022-05-03 03:07
Details
Buffer overflow in the DNS resolver code used in libc, glibc, and libbind, as derived from ISC BIND, allows remote malicious DNS servers to cause a denial of service and possibly execute arbitrary code via the stub resolvers.
{
"affected": [],
"aliases": [
"CVE-2002-0651"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2002-07-03T04:00:00Z",
"severity": "HIGH"
},
"details": "Buffer overflow in the DNS resolver code used in libc, glibc, and libbind, as derived from ISC BIND, allows remote malicious DNS servers to cause a denial of service and possibly execute arbitrary code via the stub resolvers.",
"id": "GHSA-3hqp-jxgp-f6jm",
"modified": "2022-05-03T03:07:56Z",
"published": "2022-05-03T03:07:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0651"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4190"
},
{
"type": "WEB",
"url": "http://archives.neohapsis.com/archives/aix/2002-q3/0001.html"
},
{
"type": "WEB",
"url": "http://archives.neohapsis.com/archives/linux/engarde/2002-q3/0002.html"
},
{
"type": "WEB",
"url": "http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0000.html"
},
{
"type": "WEB",
"url": "http://distro.conectiva.com/atualizacoes/?id=a\u0026anuncio=000507"
},
{
"type": "WEB",
"url": "http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:038"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=102513011311504\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=102520962320134\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=102579743329251\u0026w=2"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2002-139.html"
},
{
"type": "WEB",
"url": "http://www.cert.org/advisories/CA-2002-19.html"
},
{
"type": "WEB",
"url": "http://www.iss.net/security_center/static/9432.php"
},
{
"type": "WEB",
"url": "http://www.kb.cert.org/vuls/id/803539"
},
{
"type": "WEB",
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-043.php"
},
{
"type": "WEB",
"url": "http://www.pine.nl/advisories/pine-cert-20020601.txt"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2002-119.html"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2002-133.html"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2002-167.html"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2003-154.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/5100"
}
],
"schema_version": "1.4.0",
"severity": []
}
fkie_cve-2002-0651
Vulnerability from fkie_nvd
Published
2002-07-03 04:00
Modified
2024-11-20 23:39
Severity ?
Summary
Buffer overflow in the DNS resolver code used in libc, glibc, and libbind, as derived from ISC BIND, allows remote malicious DNS servers to cause a denial of service and possibly execute arbitrary code via the stub resolvers.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:isc:bind:9.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6D7C7524-6943-4D94-8835-0221F0F0CD63",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the DNS resolver code used in libc, glibc, and libbind, as derived from ISC BIND, allows remote malicious DNS servers to cause a denial of service and possibly execute arbitrary code via the stub resolvers."
}
],
"id": "CVE-2002-0651",
"lastModified": "2024-11-20T23:39:33.353",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-07-03T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "ftp://ftp.NetBSD.ORG/pub/NetBSD/security/advisories/NetBSD-SA2002-006.txt.asc"
},
{
"source": "cve@mitre.org",
"url": "ftp://ftp.caldera.com/pub/updates/OpenServer/CSSA-2002-SCO.39"
},
{
"source": "cve@mitre.org",
"url": "ftp://ftp.caldera.com/pub/updates/UnixWare/CSSA-2002-SCO.37"
},
{
"source": "cve@mitre.org",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20020701-01-I/"
},
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/aix/2002-q3/0001.html"
},
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/aix/2002-q3/0001.html"
},
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/linux/engarde/2002-q3/0002.html"
},
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0000.html"
},
{
"source": "cve@mitre.org",
"url": "http://distro.conectiva.com/atualizacoes/?id=a\u0026anuncio=000507"
},
{
"source": "cve@mitre.org",
"url": "http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:038"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=102513011311504\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=102520962320134\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=102579743329251\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://rhn.redhat.com/errata/RHSA-2002-139.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2002-19.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/9432.php"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/803539"
},
{
"source": "cve@mitre.org",
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-043.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.pine.nl/advisories/pine-cert-20020601.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2002-119.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2002-133.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2002-167.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2003-154.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/5100"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4190"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://ftp.NetBSD.ORG/pub/NetBSD/security/advisories/NetBSD-SA2002-006.txt.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://ftp.caldera.com/pub/updates/OpenServer/CSSA-2002-SCO.39"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://ftp.caldera.com/pub/updates/UnixWare/CSSA-2002-SCO.37"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20020701-01-I/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/aix/2002-q3/0001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/aix/2002-q3/0001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/linux/engarde/2002-q3/0002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://distro.conectiva.com/atualizacoes/?id=a\u0026anuncio=000507"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:038"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=102513011311504\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=102520962320134\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=102579743329251\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2002-139.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2002-19.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/9432.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/803539"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-043.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.pine.nl/advisories/pine-cert-20020601.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2002-119.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2002-133.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2002-167.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2003-154.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/5100"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4190"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.