{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated glibc packages are available which fix a buffer overflow in the XDR\ndecoder and two vulnerabilities in the resolver functions.\n\n[updated 8 aug 2002]\nUpdated packages have been made available, as the original errata introduced\na bug which could cause calloc() to crash on 32-bit platforms when passed a\nsize of 0.  These updated errata packages contain a patch to correct this bug.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The glibc package contains standard libraries which are used by\nmultiple programs on the system.  Sun RPC is a remote procedure call\nframework which allows clients to invoke procedures in a server process\nover a network.  XDR is a mechanism for encoding data structures for use\nwith RPC.  NFS, NIS, and other network services that are built upon Sun\nRPC.  The glibc package contains an XDR encoder/decoder derived from Sun\u0027s\nRPC implementation which was recently demonstrated to be vulnerable to a\nheap overflow.\n\nAn error in the calculation of memory needed for unpacking arrays in the\nXDR decoder can result in a heap buffer overflow in glibc 2.2.5 and\nearlier.  Depending upon the application, this vulnerability may be\nexploitable and could lead to arbitrary code execution.  (CAN-2002-0391)\n\nA buffer overflow vulnerability has been found in the way the glibc\nresolver handles the resolution of network names and addresses via DNS (as\nper Internet RFC 1011). Version 2.2.5 of glibc and earlier versions are\naffected. A system would be vulnerable to this issue if the\n\"networks\" database in the /etc/nsswitch.conf file includes the \"dns\"\nentry. By default, Red Hat Linux Advanced Server ships with \"networks\"\nset to \"files\" and is therefore not vulnerable to this issue.\n(CAN-2002-0684)\n\nA related issue is a bug in the glibc-compat packages, which\nprovide compatibility for applications compiled against glibc version\n2.0.x. Applications compiled against this version (such as those\ndistributed with early Red Hat Linux releases 5.0, 5.1, and 5.2) could also\nbe vulnerable to this issue. (CAN-2002-0651)\n\nAll users should upgrade to these errata packages which contain patches to\nthe glibc libraries and therefore are not vulnerable to these issues.\n\nThanks to Solar Designer for providing patches for this issue.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2002:167",
        "url": "https://access.redhat.com/errata/RHSA-2002:167"
      },
      {
        "category": "external",
        "summary": "http://online.securityfocus.com/archive/1/285308",
        "url": "http://online.securityfocus.com/archive/1/285308"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "http://www.cert.org/advisories/CA-2002-19.html",
        "url": "http://www.cert.org/advisories/CA-2002-19.html"
      },
      {
        "category": "external",
        "summary": "http://sources.redhat.com/ml/libc-hacker/2002-08/msg00093.html",
        "url": "http://sources.redhat.com/ml/libc-hacker/2002-08/msg00093.html"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2002/rhsa-2002_167.json"
      }
    ],
    "title": "Red Hat Security Advisory: glibc security update",
    "tracking": {
      "current_release_date": "2025-11-21T17:24:59+00:00",
      "generator": {
        "date": "2025-11-21T17:24:59+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2002:167",
      "initial_release_date": "2002-08-06T07:25:00+00:00",
      "revision_history": [
        {
          "date": "2002-08-06T07:25:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2002-08-01T00:00:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T17:24:59+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                "product": {
                  "name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                  "product_id": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::as"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Advanced Server"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2002-0391",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1616771"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 "
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2002-0391"
        },
        {
          "category": "external",
          "summary": "RHBZ#1616771",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616771"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2002-0391",
          "url": "https://www.cve.org/CVERecord?id=CVE-2002-0391"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0391",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0391"
        }
      ],
      "release_date": "2002-07-29T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2002-08-06T07:25:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nPlease note that this update is available via Red Hat Network.  To use Red\nHat Network, launch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
          "product_ids": [
            "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 "
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2002:167"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2002-0651",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1616785"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Buffer overflow in the DNS resolver code used in libc, glibc, and libbind, as derived from ISC BIND, allows remote malicious DNS servers to cause a denial of service and possibly execute arbitrary code via the stub resolvers.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 "
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2002-0651"
        },
        {
          "category": "external",
          "summary": "RHBZ#1616785",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616785"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2002-0651",
          "url": "https://www.cve.org/CVERecord?id=CVE-2002-0651"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0651",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0651"
        }
      ],
      "release_date": "2002-06-26T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2002-08-06T07:25:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nPlease note that this update is available via Red Hat Network.  To use Red\nHat Network, launch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
          "product_ids": [
            "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 "
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2002:167"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2002-0684",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1616795"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Buffer overflow in DNS resolver functions that perform lookup of network names and addresses, as used in BIND 4.9.8 and ported to glibc 2.2.5 and earlier, allows remote malicious DNS servers to execute arbitrary code through a subroutine used by functions such as getnetbyname and getnetbyaddr.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 "
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2002-0684"
        },
        {
          "category": "external",
          "summary": "RHBZ#1616795",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616795"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2002-0684",
          "url": "https://www.cve.org/CVERecord?id=CVE-2002-0684"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0684",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0684"
        }
      ],
      "release_date": "2002-06-26T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2002-08-06T07:25:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nPlease note that this update is available via Red Hat Network.  To use Red\nHat Network, launch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
          "product_ids": [
            "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 "
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2002:167"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "security flaw"
    }
  ]
}

RHSA-2002_139

Vulnerability from csaf_redhat - Published: 2002-07-25 02:15 - Updated: 2024-11-21 22:26

Summary

Red Hat Security Advisory: : Updated glibc packages fix vulnerabilities in resolver

Notes

Topic

Updated glibc packages are available to fix two vulnerabilities in the resolver functions.

Details

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated glibc packages are available to fix two vulnerabilities in the\nresolver functions.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The glibc package contains standard libraries which are used by\nmultiple programs on the system.\n\nA buffer overflow vulnerability has been found in the way the glibc\nresolver handles the resolution of network names and addresses via DNS (as\nper Internet RFC 1011).  Version 2.2.5 of glibc and earlier versions are\naffected.  A system would be vulnerable to this issue if the\n\"networks\" database in /etc/nsswitch.conf includes the \"dns\" entry.  By\ndefault, Red Hat Linux ships with \"networks\" set to \"files\" and\nis therefore not vulnerable to this issue.  (CAN-2002-0684)\n\nA second, related, issue is a bug in the glibc-compat packages,  which\nprovide compatibility for applications compiled against glibc version\n2.0.x.  Applications compiled against this version (such as those\ndistributed with early Red Hat Linux releases 5.0, 5.1, and 5.2) could also\nbe vulnerable to this issue.  (CAN-2002-0651)\n\nThese errata packages for Red Hat Linux 7.1 and 7.2 on the Itanium\narchitecture also include a fix for the strncpy implementation in some\nboundary cases.\n\nAll users should upgrade to these errata packages which contain patches to\nthe glibc and glibc-compat libraries and therefore are not vulnerable to\nthese issues.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2002:139",
        "url": "https://access.redhat.com/errata/RHSA-2002:139"
      },
      {
        "category": "external",
        "summary": "http://www.cert.org/advisories/CA-2002-19.html",
        "url": "http://www.cert.org/advisories/CA-2002-19.html"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2002/rhsa-2002_139.json"
      }
    ],
    "title": "Red Hat Security Advisory: : Updated glibc packages fix vulnerabilities in resolver",
    "tracking": {
      "current_release_date": "2024-11-21T22:26:48+00:00",
      "generator": {
        "date": "2024-11-21T22:26:48+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2002:139",
      "initial_release_date": "2002-07-25T02:15:00+00:00",
      "revision_history": [
        {
          "date": "2002-07-25T02:15:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2002-07-11T00:00:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-21T22:26:48+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Linux 6.2",
                "product": {
                  "name": "Red Hat Linux 6.2",
                  "product_id": "Red Hat Linux 6.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:6.2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux 7.0",
                "product": {
                  "name": "Red Hat Linux 7.0",
                  "product_id": "Red Hat Linux 7.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:7.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux 7.1",
                "product": {
                  "name": "Red Hat Linux 7.1",
                  "product_id": "Red Hat Linux 7.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:7.1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux 7.2",
                "product": {
                  "name": "Red Hat Linux 7.2",
                  "product_id": "Red Hat Linux 7.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:7.2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux 7.3",
                "product": {
                  "name": "Red Hat Linux 7.3",
                  "product_id": "Red Hat Linux 7.3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:7.3"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Linux"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2002-0651",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1616785"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Buffer overflow in the DNS resolver code used in libc, glibc, and libbind, as derived from ISC BIND, allows remote malicious DNS servers to cause a denial of service and possibly execute arbitrary code via the stub resolvers.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Linux 6.2",
          "Red Hat Linux 7.0",
          "Red Hat Linux 7.1",
          "Red Hat Linux 7.2",
          "Red Hat Linux 7.3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2002-0651"
        },
        {
          "category": "external",
          "summary": "RHBZ#1616785",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616785"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2002-0651",
          "url": "https://www.cve.org/CVERecord?id=CVE-2002-0651"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0651",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0651"
        }
      ],
      "release_date": "2002-06-26T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2002-07-25T02:15:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
          "product_ids": [
            "Red Hat Linux 6.2",
            "Red Hat Linux 7.0",
            "Red Hat Linux 7.1",
            "Red Hat Linux 7.2",
            "Red Hat Linux 7.3"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2002:139"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2002-0684",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1616795"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Buffer overflow in DNS resolver functions that perform lookup of network names and addresses, as used in BIND 4.9.8 and ported to glibc 2.2.5 and earlier, allows remote malicious DNS servers to execute arbitrary code through a subroutine used by functions such as getnetbyname and getnetbyaddr.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Linux 6.2",
          "Red Hat Linux 7.0",
          "Red Hat Linux 7.1",
          "Red Hat Linux 7.2",
          "Red Hat Linux 7.3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2002-0684"
        },
        {
          "category": "external",
          "summary": "RHBZ#1616795",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616795"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2002-0684",
          "url": "https://www.cve.org/CVERecord?id=CVE-2002-0684"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0684",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0684"
        }
      ],
      "release_date": "2002-06-26T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2002-07-25T02:15:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
          "product_ids": [
            "Red Hat Linux 6.2",
            "Red Hat Linux 7.0",
            "Red Hat Linux 7.1",
            "Red Hat Linux 7.2",
            "Red Hat Linux 7.3"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2002:139"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "security flaw"
    }
  ]
}

RHSA-2002_167

Vulnerability from csaf_redhat - Published: 2002-08-06 07:25 - Updated: 2024-11-21 22:26

Summary

Red Hat Security Advisory: glibc security update

Notes

Topic

Details

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated glibc packages are available which fix a buffer overflow in the XDR\ndecoder and two vulnerabilities in the resolver functions.\n\n[updated 8 aug 2002]\nUpdated packages have been made available, as the original errata introduced\na bug which could cause calloc() to crash on 32-bit platforms when passed a\nsize of 0.  These updated errata packages contain a patch to correct this bug.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The glibc package contains standard libraries which are used by\nmultiple programs on the system.  Sun RPC is a remote procedure call\nframework which allows clients to invoke procedures in a server process\nover a network.  XDR is a mechanism for encoding data structures for use\nwith RPC.  NFS, NIS, and other network services that are built upon Sun\nRPC.  The glibc package contains an XDR encoder/decoder derived from Sun\u0027s\nRPC implementation which was recently demonstrated to be vulnerable to a\nheap overflow.\n\nAn error in the calculation of memory needed for unpacking arrays in the\nXDR decoder can result in a heap buffer overflow in glibc 2.2.5 and\nearlier.  Depending upon the application, this vulnerability may be\nexploitable and could lead to arbitrary code execution.  (CAN-2002-0391)\n\nA buffer overflow vulnerability has been found in the way the glibc\nresolver handles the resolution of network names and addresses via DNS (as\nper Internet RFC 1011). Version 2.2.5 of glibc and earlier versions are\naffected. A system would be vulnerable to this issue if the\n\"networks\" database in the /etc/nsswitch.conf file includes the \"dns\"\nentry. By default, Red Hat Linux Advanced Server ships with \"networks\"\nset to \"files\" and is therefore not vulnerable to this issue.\n(CAN-2002-0684)\n\nA related issue is a bug in the glibc-compat packages, which\nprovide compatibility for applications compiled against glibc version\n2.0.x. Applications compiled against this version (such as those\ndistributed with early Red Hat Linux releases 5.0, 5.1, and 5.2) could also\nbe vulnerable to this issue. (CAN-2002-0651)\n\nAll users should upgrade to these errata packages which contain patches to\nthe glibc libraries and therefore are not vulnerable to these issues.\n\nThanks to Solar Designer for providing patches for this issue.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2002:167",
        "url": "https://access.redhat.com/errata/RHSA-2002:167"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "http://online.securityfocus.com/archive/1/285308",
        "url": "http://online.securityfocus.com/archive/1/285308"
      },
      {
        "category": "external",
        "summary": "http://www.cert.org/advisories/CA-2002-19.html",
        "url": "http://www.cert.org/advisories/CA-2002-19.html"
      },
      {
        "category": "external",
        "summary": "http://sources.redhat.com/ml/libc-hacker/2002-08/msg00093.html",
        "url": "http://sources.redhat.com/ml/libc-hacker/2002-08/msg00093.html"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2002/rhsa-2002_167.json"
      }
    ],
    "title": "Red Hat Security Advisory: glibc security update",
    "tracking": {
      "current_release_date": "2024-11-21T22:26:50+00:00",
      "generator": {
        "date": "2024-11-21T22:26:50+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2002:167",
      "initial_release_date": "2002-08-06T07:25:00+00:00",
      "revision_history": [
        {
          "date": "2002-08-06T07:25:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2002-08-01T00:00:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-21T22:26:50+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                "product": {
                  "name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                  "product_id": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::as"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Advanced Server"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2002-0391",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1616771"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 "
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2002-0391"
        },
        {
          "category": "external",
          "summary": "RHBZ#1616771",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616771"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2002-0391",
          "url": "https://www.cve.org/CVERecord?id=CVE-2002-0391"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0391",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0391"
        }
      ],
      "release_date": "2002-07-29T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2002-08-06T07:25:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nPlease note that this update is available via Red Hat Network.  To use Red\nHat Network, launch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
          "product_ids": [
            "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 "
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2002:167"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2002-0651",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1616785"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Buffer overflow in the DNS resolver code used in libc, glibc, and libbind, as derived from ISC BIND, allows remote malicious DNS servers to cause a denial of service and possibly execute arbitrary code via the stub resolvers.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 "
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2002-0651"
        },
        {
          "category": "external",
          "summary": "RHBZ#1616785",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616785"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2002-0651",
          "url": "https://www.cve.org/CVERecord?id=CVE-2002-0651"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0651",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0651"
        }
      ],
      "release_date": "2002-06-26T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2002-08-06T07:25:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nPlease note that this update is available via Red Hat Network.  To use Red\nHat Network, launch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
          "product_ids": [
            "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 "
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2002:167"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2002-0684",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1616795"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Buffer overflow in DNS resolver functions that perform lookup of network names and addresses, as used in BIND 4.9.8 and ported to glibc 2.2.5 and earlier, allows remote malicious DNS servers to execute arbitrary code through a subroutine used by functions such as getnetbyname and getnetbyaddr.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 "
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2002-0684"
        },
        {
          "category": "external",
          "summary": "RHBZ#1616795",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616795"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2002-0684",
          "url": "https://www.cve.org/CVERecord?id=CVE-2002-0684"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0684",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0684"
        }
      ],
      "release_date": "2002-06-26T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2002-08-06T07:25:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nPlease note that this update is available via Red Hat Network.  To use Red\nHat Network, launch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
          "product_ids": [
            "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 "
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2002:167"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "security flaw"
    }
  ]
}

RHSA-2002_133

Vulnerability from csaf_redhat - Published: 2002-08-09 16:23 - Updated: 2024-11-21 22:26

Summary

Red Hat Security Advisory: : Updated bind packages fix buffer overflow in resolver library

Notes

Topic

Various versions of the ISC BIND resolver libraries are vulnerable to a buffer overflow attack. Updated BIND packages are now available to fix this issue.

Details

ISC BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses; a resolver library (routines for applications to use when interfacing with DNS); and various tools. A buffer overflow vulnerability exists in multiple implementations of DNS resolver libraries. Applications that utilize vulnerable DNS resolver libraries may be affected. A remote attacker who is able to send malicious DNS responses could potentially exploit this vulnerability to execute arbitrary code or cause a denial of service on a vulnerable system. Red Hat Linux does not ship with any applications or libraries that link against the BIND resolver libraries; however, third party code may be affected. The updated bind packages included in this errata contain the patches from 8.3.3 which fix the buffer overflow applied (backported) to the 9.2.1 sources.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Various versions of the ISC BIND resolver libraries are vulnerable to a\nbuffer overflow attack.  Updated BIND packages are now available to fix\nthis issue.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "ISC BIND (Berkeley Internet Name Domain) is an implementation of the DNS\n(Domain Name System) protocols. BIND includes a DNS server (named),\nwhich resolves host names to IP addresses; a resolver library\n(routines for applications to use when interfacing with DNS); and\nvarious tools.\n \nA buffer overflow vulnerability exists in multiple implementations of DNS\nresolver libraries.  Applications that utilize vulnerable DNS resolver\nlibraries may be affected.  A remote attacker who is able to send malicious\nDNS responses could potentially exploit this vulnerability to execute\narbitrary code or cause a denial of service on a vulnerable system. \n\nRed Hat Linux does not ship with any applications or libraries that link \nagainst the BIND resolver libraries; however, third party code may be affected.\n\nThe updated bind packages included in this errata contain the patches from\n8.3.3 which fix the buffer overflow applied (backported) to the 9.2.1 sources.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2002:133",
        "url": "https://access.redhat.com/errata/RHSA-2002:133"
      },
      {
        "category": "external",
        "summary": "http://online.securityfocus.com/bid/5100",
        "url": "http://online.securityfocus.com/bid/5100"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2002/rhsa-2002_133.json"
      }
    ],
    "title": "Red Hat Security Advisory: : Updated bind packages fix buffer overflow in resolver library",
    "tracking": {
      "current_release_date": "2024-11-21T22:26:45+00:00",
      "generator": {
        "date": "2024-11-21T22:26:45+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2002:133",
      "initial_release_date": "2002-08-09T16:23:00+00:00",
      "revision_history": [
        {
          "date": "2002-08-09T16:23:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2002-07-01T00:00:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-21T22:26:45+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Linux 6.2",
                "product": {
                  "name": "Red Hat Linux 6.2",
                  "product_id": "Red Hat Linux 6.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:6.2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux 7.0",
                "product": {
                  "name": "Red Hat Linux 7.0",
                  "product_id": "Red Hat Linux 7.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:7.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux 7.1",
                "product": {
                  "name": "Red Hat Linux 7.1",
                  "product_id": "Red Hat Linux 7.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:7.1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux 7.2",
                "product": {
                  "name": "Red Hat Linux 7.2",
                  "product_id": "Red Hat Linux 7.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:7.2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux 7.3",
                "product": {
                  "name": "Red Hat Linux 7.3",
                  "product_id": "Red Hat Linux 7.3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:7.3"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Linux"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2002-0651",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1616785"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Buffer overflow in the DNS resolver code used in libc, glibc, and libbind, as derived from ISC BIND, allows remote malicious DNS servers to cause a denial of service and possibly execute arbitrary code via the stub resolvers.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Linux 6.2",
          "Red Hat Linux 7.0",
          "Red Hat Linux 7.1",
          "Red Hat Linux 7.2",
          "Red Hat Linux 7.3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2002-0651"
        },
        {
          "category": "external",
          "summary": "RHBZ#1616785",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616785"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2002-0651",
          "url": "https://www.cve.org/CVERecord?id=CVE-2002-0651"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0651",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0651"
        }
      ],
      "release_date": "2002-06-26T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2002-08-09T16:23:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
          "product_ids": [
            "Red Hat Linux 6.2",
            "Red Hat Linux 7.0",
            "Red Hat Linux 7.1",
            "Red Hat Linux 7.2",
            "Red Hat Linux 7.3"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2002:133"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "security flaw"
    }
  ]
}

RHSA-2003:154

Vulnerability from csaf_redhat - Published: 2003-06-18 22:19 - Updated: 2025-11-21 17:26

Summary

Red Hat Security Advisory: : : : Updated bind packages fix buffer overflow in resolver library

Notes

Topic

Updated BIND packages that fix a number of vulnerabilities are now available for Red Hat Linux on IBM iSeries and pSeries systems.

Details

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated BIND packages that fix a number of vulnerabilities are now\navailable for Red Hat Linux on IBM iSeries and pSeries systems.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "ISC BIND (Berkeley Internet Name Domain) is an implementation of the DNS\n(Domain Name System) protocols. BIND includes a DNS server (named),\nwhich resolves host names to IP addresses; a resolver library\n(routines for applications to use when interfacing with DNS); and\nvarious tools.\n \nA buffer overflow vulnerability exists in multiple implementations of the\nDNS resolver libraries.  Applications that utilize vulnerable DNS resolver\nlibraries may be affected.  A remote attacker who is able to send malicious\nDNS responses could potentially exploit this vulnerability to execute\narbitrary code or cause a denial of service on a vulnerable system. \n\nRed Hat Linux does not ship with any applications or libraries that link \nagainst the BIND resolver libraries; however, third party code may be affected.\n\nVersions of BIND 9 prior to 9.2.1 have a bug that causes certain requests\nto the BIND name server (named) to fail an internal consistency check,\ncausing the name server to stop responding to requests.  This can be used\nby a remote attacker to cause a denial of service (DOS) attack against name\nservers.\n\nThe updated bind packages included in this errata contain Bind 9.2.1 with\nthe addition of backported patches and is not vulnerable to these issues.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2003:154",
        "url": "https://access.redhat.com/errata/RHSA-2003:154"
      },
      {
        "category": "external",
        "summary": "http://online.securityfocus.com/bid/5100",
        "url": "http://online.securityfocus.com/bid/5100"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2003/rhsa-2003_154.json"
      }
    ],
    "title": "Red Hat Security Advisory: : : : Updated bind packages fix buffer overflow in resolver library",
    "tracking": {
      "current_release_date": "2025-11-21T17:26:01+00:00",
      "generator": {
        "date": "2025-11-21T17:26:01+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2003:154",
      "initial_release_date": "2003-06-18T22:19:00+00:00",
      "revision_history": [
        {
          "date": "2003-06-18T22:19:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2003-06-18T00:00:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T17:26:01+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Linux 7.1",
                "product": {
                  "name": "Red Hat Linux 7.1",
                  "product_id": "Red Hat Linux 7.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:7.1"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Linux"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2002-0400",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1616774"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "ISC BIND 9 before 9.2.1 allows remote attackers to cause a denial of service (shutdown) via a malformed DNS packet that triggers an error condition that is not properly handled when the rdataset parameter to the dns_message_findtype() function in message.c is not NULL, aka DoS_findtype.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Linux 7.1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2002-0400"
        },
        {
          "category": "external",
          "summary": "RHBZ#1616774",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616774"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2002-0400",
          "url": "https://www.cve.org/CVERecord?id=CVE-2002-0400"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0400",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0400"
        }
      ],
      "release_date": "2002-06-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2003-06-18T22:19:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
          "product_ids": [
            "Red Hat Linux 7.1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2003:154"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2002-0651",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1616785"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Buffer overflow in the DNS resolver code used in libc, glibc, and libbind, as derived from ISC BIND, allows remote malicious DNS servers to cause a denial of service and possibly execute arbitrary code via the stub resolvers.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Linux 7.1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2002-0651"
        },
        {
          "category": "external",
          "summary": "RHBZ#1616785",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616785"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2002-0651",
          "url": "https://www.cve.org/CVERecord?id=CVE-2002-0651"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0651",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0651"
        }
      ],
      "release_date": "2002-06-26T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2003-06-18T22:19:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
          "product_ids": [
            "Red Hat Linux 7.1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2003:154"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "security flaw"
    }
  ]
}

RHSA-2002_119

Vulnerability from csaf_redhat - Published: 2002-07-30 08:07 - Updated: 2024-11-21 22:26

Summary

Red Hat Security Advisory: bind security update

Notes

Topic

Details

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Version 9 of ISC BIND, prior to version 9.2.1, contained a denial of\nservice (DoS) attack vulnerability.  Various versions of the ISC BIND\nresolver libraries are vulnerable to a buffer overflow attack.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "ISC BIND (Berkeley Internet Name Domain) is an implementation of the DNS \n(Domain Name System) protocols.  BIND includes a DNS server (named) --\nwhich resolves hostnames to IP addresses, a resolver library\n(routines for applications to use when interfacing with DNS), and\nvarious tools.\n\nVersions of BIND 9 prior to 9.2.1 have a bug that causes certain requests\nto the BIND name server to fail an internal consistency check, causing the\nname server to stop responding to requests.  This can be used by a remote\nattacker to cause a denial of service (DoS) attack against name servers. \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CAN-2002-0400 to this issue.\n\nA buffer overflow vulnerability exists in multiple implementations of DNS\nresolver libraries. Applications that utilize vulnerable DNS resolver\nlibraries may be affected. A remote attacker who is able to send malicious\nDNS responses could potentially exploit this vulnerability to execute\narbitrary code or cause a denial of service (DoS) attack on a vulnerable\nsystem. Red Hat Linux does not ship with any applications or libraries that\nlink against the BIND resolver libraries; however, third party code may be\naffected. (CAN-2002-0651)\n\nRed Hat Linux Advanced Server shipped with a version of ISC BIND vulnerable\nto both of these issues.  All users of BIND are advised to upgrade to the\nerrata packages containing BIND 9.2.1 which contains backported patches\nthat correct these issues.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2002:119",
        "url": "https://access.redhat.com/errata/RHSA-2002:119"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "http://www.kb.cert.org/vuls/id/803539",
        "url": "http://www.kb.cert.org/vuls/id/803539"
      },
      {
        "category": "external",
        "summary": "http://online.securityfocus.com/bid/5100",
        "url": "http://online.securityfocus.com/bid/5100"
      },
      {
        "category": "external",
        "summary": "http://www.cert.org/advisories/CA-2002-19.html",
        "url": "http://www.cert.org/advisories/CA-2002-19.html"
      },
      {
        "category": "external",
        "summary": "http://www.cert.org/advisories/CA-2002-15.html",
        "url": "http://www.cert.org/advisories/CA-2002-15.html"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2002/rhsa-2002_119.json"
      }
    ],
    "title": "Red Hat Security Advisory: bind security update",
    "tracking": {
      "current_release_date": "2024-11-21T22:26:42+00:00",
      "generator": {
        "date": "2024-11-21T22:26:42+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2002:119",
      "initial_release_date": "2002-07-30T08:07:00+00:00",
      "revision_history": [
        {
          "date": "2002-07-30T08:07:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2002-06-20T00:00:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-21T22:26:42+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                "product": {
                  "name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                  "product_id": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::as"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Advanced Server"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2002-0400",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1616774"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "ISC BIND 9 before 9.2.1 allows remote attackers to cause a denial of service (shutdown) via a malformed DNS packet that triggers an error condition that is not properly handled when the rdataset parameter to the dns_message_findtype() function in message.c is not NULL, aka DoS_findtype.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 "
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2002-0400"
        },
        {
          "category": "external",
          "summary": "RHBZ#1616774",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616774"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2002-0400",
          "url": "https://www.cve.org/CVERecord?id=CVE-2002-0400"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0400",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0400"
        }
      ],
      "release_date": "2002-06-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2002-07-30T08:07:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nPlease note that this update is available via Red Hat Network.  To use Red\nHat Network, launch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
          "product_ids": [
            "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 "
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2002:119"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2002-0651",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1616785"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Buffer overflow in the DNS resolver code used in libc, glibc, and libbind, as derived from ISC BIND, allows remote malicious DNS servers to cause a denial of service and possibly execute arbitrary code via the stub resolvers.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 "
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2002-0651"
        },
        {
          "category": "external",
          "summary": "RHBZ#1616785",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616785"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2002-0651",
          "url": "https://www.cve.org/CVERecord?id=CVE-2002-0651"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0651",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0651"
        }
      ],
      "release_date": "2002-06-26T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2002-07-30T08:07:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nPlease note that this update is available via Red Hat Network.  To use Red\nHat Network, launch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
          "product_ids": [
            "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 "
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2002:119"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "security flaw"
    }
  ]
}

FKIE_CVE-2002-0651

Vulnerability from fkie_nvd - Published: 2002-07-03 04:00 - Updated: 2025-04-03 01:03

Severity ?

Summary

References

URL	Tags
cve@mitre.org	ftp://ftp.NetBSD.ORG/pub/NetBSD/security/advisories/NetBSD-SA2002-006.txt.asc
cve@mitre.org	ftp://ftp.caldera.com/pub/updates/OpenServer/CSSA-2002-SCO.39
cve@mitre.org	ftp://ftp.caldera.com/pub/updates/UnixWare/CSSA-2002-SCO.37
cve@mitre.org	ftp://patches.sgi.com/support/free/security/advisories/20020701-01-I/
cve@mitre.org	http://archives.neohapsis.com/archives/aix/2002-q3/0001.html
cve@mitre.org	http://archives.neohapsis.com/archives/linux/engarde/2002-q3/0002.html
cve@mitre.org	http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0000.html
cve@mitre.org	http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000507
cve@mitre.org	http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:038
cve@mitre.org	http://marc.info/?l=bugtraq&m=102513011311504&w=2
cve@mitre.org	http://marc.info/?l=bugtraq&m=102520962320134&w=2
cve@mitre.org	http://marc.info/?l=bugtraq&m=102579743329251&w=2
cve@mitre.org	http://rhn.redhat.com/errata/RHSA-2002-139.html
cve@mitre.org	http://www.cert.org/advisories/CA-2002-19.html	Patch, Third Party Advisory, US Government Resource
cve@mitre.org	http://www.iss.net/security_center/static/9432.php	Vendor Advisory
cve@mitre.org	http://www.kb.cert.org/vuls/id/803539	US Government Resource
cve@mitre.org	http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-043.php
cve@mitre.org	http://www.pine.nl/advisories/pine-cert-20020601.txt
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2002-119.html
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2002-133.html
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2002-167.html
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2003-154.html
cve@mitre.org	http://www.securityfocus.com/bid/5100
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4190
af854a3a-2127-422b-91ae-364da2661108	ftp://ftp.NetBSD.ORG/pub/NetBSD/security/advisories/NetBSD-SA2002-006.txt.asc
af854a3a-2127-422b-91ae-364da2661108	ftp://ftp.caldera.com/pub/updates/OpenServer/CSSA-2002-SCO.39
af854a3a-2127-422b-91ae-364da2661108	ftp://ftp.caldera.com/pub/updates/UnixWare/CSSA-2002-SCO.37
af854a3a-2127-422b-91ae-364da2661108	ftp://patches.sgi.com/support/free/security/advisories/20020701-01-I/
af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/aix/2002-q3/0001.html
af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/linux/engarde/2002-q3/0002.html
af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0000.html
af854a3a-2127-422b-91ae-364da2661108	http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000507
af854a3a-2127-422b-91ae-364da2661108	http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:038
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=102513011311504&w=2
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=102520962320134&w=2
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=102579743329251&w=2
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2002-139.html
af854a3a-2127-422b-91ae-364da2661108	http://www.cert.org/advisories/CA-2002-19.html	Patch, Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.iss.net/security_center/static/9432.php	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/803539	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-043.php
af854a3a-2127-422b-91ae-364da2661108	http://www.pine.nl/advisories/pine-cert-20020601.txt
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2002-119.html
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2002-133.html
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2002-167.html
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2003-154.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/5100
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4190

Impacted products

	Vendor	Product	Version
	isc	bind	9.4.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:isc:bind:9.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D7C7524-6943-4D94-8835-0221F0F0CD63",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in the DNS resolver code used in libc, glibc, and libbind, as derived from ISC BIND, allows remote malicious DNS servers to cause a denial of service and possibly execute arbitrary code via the stub resolvers."
    }
  ],
  "id": "CVE-2002-0651",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2002-07-03T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "ftp://ftp.NetBSD.ORG/pub/NetBSD/security/advisories/NetBSD-SA2002-006.txt.asc"
    },
    {
      "source": "cve@mitre.org",
      "url": "ftp://ftp.caldera.com/pub/updates/OpenServer/CSSA-2002-SCO.39"
    },
    {
      "source": "cve@mitre.org",
      "url": "ftp://ftp.caldera.com/pub/updates/UnixWare/CSSA-2002-SCO.37"
    },
    {
      "source": "cve@mitre.org",
      "url": "ftp://patches.sgi.com/support/free/security/advisories/20020701-01-I/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://archives.neohapsis.com/archives/aix/2002-q3/0001.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://archives.neohapsis.com/archives/linux/engarde/2002-q3/0002.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0000.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://distro.conectiva.com/atualizacoes/?id=a\u0026anuncio=000507"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:038"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=102513011311504\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=102520962320134\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=102579743329251\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://rhn.redhat.com/errata/RHSA-2002-139.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.cert.org/advisories/CA-2002-19.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.iss.net/security_center/static/9432.php"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/803539"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-043.php"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.pine.nl/advisories/pine-cert-20020601.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2002-119.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2002-133.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2002-167.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2003-154.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/5100"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4190"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "ftp://ftp.NetBSD.ORG/pub/NetBSD/security/advisories/NetBSD-SA2002-006.txt.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "ftp://ftp.caldera.com/pub/updates/OpenServer/CSSA-2002-SCO.39"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "ftp://ftp.caldera.com/pub/updates/UnixWare/CSSA-2002-SCO.37"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "ftp://patches.sgi.com/support/free/security/advisories/20020701-01-I/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/aix/2002-q3/0001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/linux/engarde/2002-q3/0002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://distro.conectiva.com/atualizacoes/?id=a\u0026anuncio=000507"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:038"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=102513011311504\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=102520962320134\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=102579743329251\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2002-139.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.cert.org/advisories/CA-2002-19.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.iss.net/security_center/static/9432.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/803539"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-043.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.pine.nl/advisories/pine-cert-20020601.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2002-119.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2002-133.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2002-167.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2003-154.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/5100"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4190"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2002-0651

Vulnerability from gsd - Updated: 2023-12-13 01:24

Details

Aliases

CVE-2002-0651

Aliases

CVE-2002-0651

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2002-0651",
    "description": "Buffer overflow in the DNS resolver code used in libc, glibc, and libbind, as derived from ISC BIND, allows remote malicious DNS servers to cause a denial of service and possibly execute arbitrary code via the stub resolvers.",
    "id": "GSD-2002-0651",
    "references": [
      "https://www.suse.com/security/cve/CVE-2002-0651.html",
      "https://access.redhat.com/errata/RHSA-2003:154",
      "https://access.redhat.com/errata/RHSA-2002:167",
      "https://access.redhat.com/errata/RHSA-2002:139",
      "https://access.redhat.com/errata/RHSA-2002:133",
      "https://access.redhat.com/errata/RHSA-2002:119"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2002-0651"
      ],
      "details": "Buffer overflow in the DNS resolver code used in libc, glibc, and libbind, as derived from ISC BIND, allows remote malicious DNS servers to cause a denial of service and possibly execute arbitrary code via the stub resolvers.",
      "id": "GSD-2002-0651",
      "modified": "2023-12-13T01:24:07.877691Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2002-0651",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Buffer overflow in the DNS resolver code used in libc, glibc, and libbind, as derived from ISC BIND, allows remote malicious DNS servers to cause a denial of service and possibly execute arbitrary code via the stub resolvers."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "CLSA-2002:507",
            "refsource": "CONECTIVA",
            "url": "http://distro.conectiva.com/atualizacoes/?id=a\u0026anuncio=000507"
          },
          {
            "name": "RHSA-2002:139",
            "refsource": "REDHAT",
            "url": "http://rhn.redhat.com/errata/RHSA-2002-139.html"
          },
          {
            "name": "ESA-20020724-018",
            "refsource": "ENGARDE",
            "url": "http://archives.neohapsis.com/archives/linux/engarde/2002-q3/0002.html"
          },
          {
            "name": "oval:org.mitre.oval:def:4190",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4190"
          },
          {
            "name": "20020626 Remote buffer overflow in resolver code of libc",
            "refsource": "BUGTRAQ",
            "url": "http://marc.info/?l=bugtraq\u0026m=102513011311504\u0026w=2"
          },
          {
            "name": "RHSA-2002:119",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2002-119.html"
          },
          {
            "name": "VU#803539",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/803539"
          },
          {
            "name": "dns-resolver-lib-bo(9432)",
            "refsource": "XF",
            "url": "http://www.iss.net/security_center/static/9432.php"
          },
          {
            "name": "CSSA-2002-SCO.39",
            "refsource": "CALDERA",
            "url": "ftp://ftp.caldera.com/pub/updates/OpenServer/CSSA-2002-SCO.39"
          },
          {
            "name": "MDKSA-2002:038",
            "refsource": "MANDRAKE",
            "url": "http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:038"
          },
          {
            "name": "IY32719",
            "refsource": "AIXAPAR",
            "url": "http://archives.neohapsis.com/archives/aix/2002-q3/0001.html"
          },
          {
            "name": "RHSA-2002:167",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2002-167.html"
          },
          {
            "name": "RHSA-2003:154",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2003-154.html"
          },
          {
            "name": "20020701-01-I",
            "refsource": "SGI",
            "url": "ftp://patches.sgi.com/support/free/security/advisories/20020701-01-I/"
          },
          {
            "name": "IY32746",
            "refsource": "AIXAPAR",
            "url": "http://archives.neohapsis.com/archives/aix/2002-q3/0001.html"
          },
          {
            "name": "20020703 Buffer overflow and DoS i BIND",
            "refsource": "NTBUGTRAQ",
            "url": "http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0000.html"
          },
          {
            "name": "20020704 [OpenPKG-SA-2002.006] OpenPKG Security Advisory (bind)",
            "refsource": "BUGTRAQ",
            "url": "http://marc.info/?l=bugtraq\u0026m=102579743329251\u0026w=2"
          },
          {
            "name": "MDKSA-2002:043",
            "refsource": "MANDRAKE",
            "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-043.php"
          },
          {
            "name": "RHSA-2002:133",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2002-133.html"
          },
          {
            "name": "CSSA-2002-SCO.37",
            "refsource": "CALDERA",
            "url": "ftp://ftp.caldera.com/pub/updates/UnixWare/CSSA-2002-SCO.37"
          },
          {
            "name": "FreeBSD-SA-02:28",
            "refsource": "FREEBSD",
            "url": "http://marc.info/?l=bugtraq\u0026m=102520962320134\u0026w=2"
          },
          {
            "name": "CA-2002-19",
            "refsource": "CERT",
            "url": "http://www.cert.org/advisories/CA-2002-19.html"
          },
          {
            "name": "5100",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/5100"
          },
          {
            "name": "NetBSD-SA2002-006",
            "refsource": "NETBSD",
            "url": "ftp://ftp.NetBSD.ORG/pub/NetBSD/security/advisories/NetBSD-SA2002-006.txt.asc"
          },
          {
            "name": "http://www.pine.nl/advisories/pine-cert-20020601.txt",
            "refsource": "MISC",
            "url": "http://www.pine.nl/advisories/pine-cert-20020601.txt"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:isc:bind:9.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2002-0651"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Buffer overflow in the DNS resolver code used in libc, glibc, and libbind, as derived from ISC BIND, allows remote malicious DNS servers to cause a denial of service and possibly execute arbitrary code via the stub resolvers."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "CA-2002-19",
              "refsource": "CERT",
              "tags": [
                "Patch",
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "http://www.cert.org/advisories/CA-2002-19.html"
            },
            {
              "name": "dns-resolver-lib-bo(9432)",
              "refsource": "XF",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.iss.net/security_center/static/9432.php"
            },
            {
              "name": "http://www.pine.nl/advisories/pine-cert-20020601.txt",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.pine.nl/advisories/pine-cert-20020601.txt"
            },
            {
              "name": "20020703 Buffer overflow and DoS i BIND",
              "refsource": "NTBUGTRAQ",
              "tags": [],
              "url": "http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0000.html"
            },
            {
              "name": "VU#803539",
              "refsource": "CERT-VN",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/803539"
            },
            {
              "name": "CSSA-2002-SCO.37",
              "refsource": "CALDERA",
              "tags": [],
              "url": "ftp://ftp.caldera.com/pub/updates/UnixWare/CSSA-2002-SCO.37"
            },
            {
              "name": "CSSA-2002-SCO.39",
              "refsource": "CALDERA",
              "tags": [],
              "url": "ftp://ftp.caldera.com/pub/updates/OpenServer/CSSA-2002-SCO.39"
            },
            {
              "name": "CLSA-2002:507",
              "refsource": "CONECTIVA",
              "tags": [],
              "url": "http://distro.conectiva.com/atualizacoes/?id=a\u0026anuncio=000507"
            },
            {
              "name": "ESA-20020724-018",
              "refsource": "ENGARDE",
              "tags": [],
              "url": "http://archives.neohapsis.com/archives/linux/engarde/2002-q3/0002.html"
            },
            {
              "name": "MDKSA-2002:038",
              "refsource": "MANDRAKE",
              "tags": [],
              "url": "http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:038"
            },
            {
              "name": "MDKSA-2002:043",
              "refsource": "MANDRAKE",
              "tags": [],
              "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-043.php"
            },
            {
              "name": "NetBSD-SA2002-006",
              "refsource": "NETBSD",
              "tags": [],
              "url": "ftp://ftp.NetBSD.ORG/pub/NetBSD/security/advisories/NetBSD-SA2002-006.txt.asc"
            },
            {
              "name": "RHSA-2002:119",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://www.redhat.com/support/errata/RHSA-2002-119.html"
            },
            {
              "name": "RHSA-2002:133",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://www.redhat.com/support/errata/RHSA-2002-133.html"
            },
            {
              "name": "RHSA-2002:139",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://rhn.redhat.com/errata/RHSA-2002-139.html"
            },
            {
              "name": "RHSA-2002:167",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://www.redhat.com/support/errata/RHSA-2002-167.html"
            },
            {
              "name": "RHSA-2003:154",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://www.redhat.com/support/errata/RHSA-2003-154.html"
            },
            {
              "name": "20020701-01-I",
              "refsource": "SGI",
              "tags": [],
              "url": "ftp://patches.sgi.com/support/free/security/advisories/20020701-01-I/"
            },
            {
              "name": "5100",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/5100"
            },
            {
              "name": "IY32746",
              "refsource": "AIXAPAR",
              "tags": [],
              "url": "http://archives.neohapsis.com/archives/aix/2002-q3/0001.html"
            },
            {
              "name": "20020626 Remote buffer overflow in resolver code of libc",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=102513011311504\u0026w=2"
            },
            {
              "name": "20020704 [OpenPKG-SA-2002.006] OpenPKG Security Advisory (bind)",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=102579743329251\u0026w=2"
            },
            {
              "name": "FreeBSD-SA-02:28",
              "refsource": "FREEBSD",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=102520962320134\u0026w=2"
            },
            {
              "name": "oval:org.mitre.oval:def:4190",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4190"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": true,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-10-10T01:30Z",
      "publishedDate": "2002-07-03T04:00Z"
    }
  }
}

GHSA-3HQP-JXGP-F6JM

Vulnerability from github – Published: 2022-05-03 03:07 – Updated: 2022-05-03 03:07

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2002-0651"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2002-07-03T04:00:00Z",
    "severity": "HIGH"
  },
  "details": "Buffer overflow in the DNS resolver code used in libc, glibc, and libbind, as derived from ISC BIND, allows remote malicious DNS servers to cause a denial of service and possibly execute arbitrary code via the stub resolvers.",
  "id": "GHSA-3hqp-jxgp-f6jm",
  "modified": "2022-05-03T03:07:56Z",
  "published": "2022-05-03T03:07:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0651"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4190"
    },
    {
      "type": "WEB",
      "url": "http://archives.neohapsis.com/archives/aix/2002-q3/0001.html"
    },
    {
      "type": "WEB",
      "url": "http://archives.neohapsis.com/archives/linux/engarde/2002-q3/0002.html"
    },
    {
      "type": "WEB",
      "url": "http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0000.html"
    },
    {
      "type": "WEB",
      "url": "http://distro.conectiva.com/atualizacoes/?id=a\u0026anuncio=000507"
    },
    {
      "type": "WEB",
      "url": "http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:038"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=102513011311504\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=102520962320134\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=102579743329251\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2002-139.html"
    },
    {
      "type": "WEB",
      "url": "http://www.cert.org/advisories/CA-2002-19.html"
    },
    {
      "type": "WEB",
      "url": "http://www.iss.net/security_center/static/9432.php"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/803539"
    },
    {
      "type": "WEB",
      "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-043.php"
    },
    {
      "type": "WEB",
      "url": "http://www.pine.nl/advisories/pine-cert-20020601.txt"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2002-119.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2002-133.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2002-167.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2003-154.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/5100"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2002-0651 (GCVE-0-2002-0651)

Tags

Sightings

Nomenclature