Vulnerability Description
ISC BIND 8.3.x before 8.3.7, and 8.4.x before 8.4.3, allows remote attackers to poison the cache via a malicious name server that returns negative responses with a large TTL (time-to-live) value.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| ISC | BIND | 8.2.3 |
| Nixu | NameSurfer | standard_3.0.1 |
| Compaq | Tru64 | 4.0f |
| FreeBSD | FreeBSD | 4.4 |
| HP | HP-UX | 11.00 |
| IBM | AIX | 5.1l |
| NetBSD | NetBSD | 1.6 |
| SCO | UnixWare | 7.1.1 |
| Sun | Solaris | 7.0 |
| Sun | SunOS | 5.7 |
References
- ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-003.0/CSSA-2004-0
- ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.33/CSSA-2003-SCO.33.txt
- http://secunia.com/advisories/10542
- http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57434
- http://www.debian.org/security/2004/dsa-409 (Patch, Vendor Advisory)
- http://www.kb.cert.org/vuls/id/734644 (Patch, Third Party Advisory, US Government Resource)
- http://www.trustix.org/errata/misc/2003/TSL-2003-0044-bind.asc.txt
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
FAQ
What is CVE-2003-0914?
CVE-2003-0914 is a vulnerability with a CVSS score of 4.3 (MEDIUM). ISC BIND 8.3.x before 8.3.7, and 8.4.x before 8.4.3, allows remote attackers to poison the cache via a malicious name server that returns negative responses with a large TTL (time-to-live) value.
How severe is CVE-2003-0914?
CVE-2003-0914 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2003-0914?
Check the references section above for vendor advisories and patch information. Affected products include: ISC BIND, Nixu NameSurfer, Compaq Tru64, FreeBSD FreeBSD, HP HP-UX.