National Cyber-Alert System
Vulnerability Summary: CVE-2002-0684
Orirignal release date: 2002-08-12
Source: US-CERT/NIST

Overview

    Buffer overflow in DNS resolver functions that perform lookup of network names and addresses, as used in BIND 4.9.8 and ported to glibc 2.2.5 and earlier, allows remote malicious DNS servers to execute arbitrary code through a subroutine used by functions such as getnetbyname and getnetbyaddr.

Impact

    CVSS Severity: 7 (High)
    Range: remote
    Authentication: input buffer="1"
    Impact Type: sec_prot other="1"

Reference to Advisories, Solutions, and Tools

Vulnerable Software and Vendor

    glibc (Gnu)
    BIND (ISC)

Technical Details

CVE Standard Vulnerability Entry: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0684