Vulnerability Description
Buffer overflow in DNS resolver functions that perform lookup of network names and addresses, as used in BIND 4.9.8 and ported to glibc 2.2.5 and earlier, allows remote malicious DNS servers to execute arbitrary code through a subroutine used by functions such as getnetbyname and getnetbyaddr.
CVSS Score
7.5 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| GNU | glibc | <= 2.2.5 |
| ISC | BIND | 4.9.8 |
References
- http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000507
- http://marc.info/?l=bugtraq&m=102581482511612&w=2
- http://rhn.redhat.com/errata/RHSA-2002-139.html (Patch, Vendor Advisory)
- http://www.kb.cert.org/vuls/id/542971 (US Government Resource)
- http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-050.php
FAQ
What is CVE-2002-0684?
CVE-2002-0684 is a vulnerability with a CVSS score of 7.5 (HIGH). Buffer overflow in DNS resolver functions that perform lookup of network names and addresses, as used in BIND 4.9.8 and ported to glibc 2.2.5 and earlier, allows remote malicious DNS servers to execut...
How severe is CVE-2002-0684?
CVE-2002-0684 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-0684?
Check the references section above for vendor advisories and patch information. Affected products include: GNU glibc, ISC BIND.