Vulnerability Description
The DNS resolver in unspecified versions of Infoblox DNS One, when resolving recursive DNS queries for arbitrary hosts, allows remote attackers to conduct DNS cache poisoning via a birthday attack that uses a large number of open queries for the same resource record (RR) combined with spoofed responses, which increases the possibility of successfully spoofing a response in a way that is more efficient than brute force methods.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Infoblox | Dns One | All versions |
| Isc | Bind | 4.9 |
References
- http://www.imconf.net/imw-2002/imw2002-papers/198.pdf
- http://www.kb.cert.org/vuls/id/457875US Government Resource
- http://www.kb.cert.org/vuls/id/IAFY-5FDPYJ
- http://www.rnp.br/cais/alertas/2002/cais-ALR-19112002a.htmlPatch
- http://www.imconf.net/imw-2002/imw2002-papers/198.pdf
- http://www.kb.cert.org/vuls/id/457875US Government Resource
- http://www.kb.cert.org/vuls/id/IAFY-5FDPYJ
- http://www.rnp.br/cais/alertas/2002/cais-ALR-19112002a.htmlPatch
FAQ
What is CVE-2002-2213?
CVE-2002-2213 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The DNS resolver in unspecified versions of Infoblox DNS One, when resolving recursive DNS queries for arbitrary hosts, allows remote attackers to conduct DNS cache poisoning via a birthday attack tha...
How severe is CVE-2002-2213?
CVE-2002-2213 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-2213?
Check the references section above for vendor advisories and patch information. Affected products include: Infoblox Dns One, Isc Bind.