CVE-2003-0914

ISC BIND 8.3.x before 8.3.7, and 8.4.x before 8.4.3, allows remote attackers to poison the cache via a malicious name server that returns negative responses with a large TTL (time-to-live) value.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-003.0/CSSA-2004-003.0.txt
ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.33/CSSA-2003-SCO.33.txt
http://secunia.com/advisories/10542
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57434
http://www.debian.org/security/2004/dsa-409	Patch Vendor Advisory
http://www.kb.cert.org/vuls/id/734644	Patch Third Party Advisory US Government Resource
http://www.trustix.org/errata/misc/2003/TSL-2003-0044-bind.asc.txt
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2011

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:isc:bind:8.2.3:::::::*
	cpe:2.3:a:isc:bind:8.2.4:::::::*
	cpe:2.3:a:isc:bind:8.2.5:::::::*
	cpe:2.3:a:isc:bind:8.2.6:::::::*
	cpe:2.3:a:isc:bind:8.2.7:::::::*
	cpe:2.3:a:isc:bind:8.3.0:::::::*
	cpe:2.3:a:isc:bind:8.3.1:::::::*
	cpe:2.3:a:isc:bind:8.3.2:::::::*
	cpe:2.3:a:isc:bind:8.3.3:::::::*
	cpe:2.3:a:isc:bind:8.3.4:::::::*
	cpe:2.3:a:isc:bind:8.3.5:::::::*
	cpe:2.3:a:isc:bind:8.3.6:::::::*
	cpe:2.3:a:isc:bind:8.4:::::::*
	cpe:2.3:a:isc:bind:8.4.1:::::::*
	cpe:2.3:a:nixu:namesurfer:standard_3.0.1:::::::*
	cpe:2.3:a:nixu:namesurfer:suite_3.0.1:::::::*

Configuration 2 (hide)

OR	cpe:2.3:o:compaq:tru64:4.0f:::::::*
	cpe:2.3:o:compaq:tru64:4.0f_pk6_bl17:::::::*
	cpe:2.3:o:compaq:tru64:4.0f_pk7_bl18:::::::*
	cpe:2.3:o:compaq:tru64:4.0f_pk8_bl22:::::::*
	cpe:2.3:o:compaq:tru64:4.0g:::::::*
	cpe:2.3:o:compaq:tru64:4.0g_pk3_bl17:::::::*
	cpe:2.3:o:compaq:tru64:4.0g_pk4_bl22:::::::*
	cpe:2.3:o:compaq:tru64:5.1:::::::*
	cpe:2.3:o:compaq:tru64:5.1_pk3_bl17:::::::*
	cpe:2.3:o:compaq:tru64:5.1_pk4_bl18:::::::*
	cpe:2.3:o:compaq:tru64:5.1_pk5_bl19:::::::*
	cpe:2.3:o:compaq:tru64:5.1_pk6_bl20:::::::*
	cpe:2.3:o:compaq:tru64:5.1a:::::::*
	cpe:2.3:o:compaq:tru64:5.1a_pk1_bl1:::::::*
	cpe:2.3:o:compaq:tru64:5.1a_pk2_bl2:::::::*
	cpe:2.3:o:compaq:tru64:5.1a_pk3_bl3:::::::*
	cpe:2.3:o:compaq:tru64:5.1a_pk4_bl21:::::::*
	cpe:2.3:o:compaq:tru64:5.1a_pk5_bl23:::::::*
	cpe:2.3:o:compaq:tru64:5.1b:::::::*
	cpe:2.3:o:compaq:tru64:5.1b_pk1_bl1:::::::*
	cpe:2.3:o:compaq:tru64:5.1b_pk2_bl22:::::::*
	cpe:2.3:o:freebsd:freebsd:4.4:::::::*
	cpe:2.3:o:freebsd:freebsd:4.5:::::::*
	cpe:2.3:o:freebsd:freebsd:4.6:::::::*
	cpe:2.3:o:freebsd:freebsd:4.6.2:::::::*
	cpe:2.3:o:freebsd:freebsd:4.7:::::::*
	cpe:2.3:o:freebsd:freebsd:4.8:::::::*
	cpe:2.3:o:freebsd:freebsd:4.9:::::::*
	cpe:2.3:o:freebsd:freebsd:5.0:::::::*
	cpe:2.3:o:hp:hp-ux:11.00:::::::*
	cpe:2.3:o:hp:hp-ux:11.11:::::::*
	cpe:2.3:o:ibm:aix:5.1l:::::::*
	cpe:2.3:o:netbsd:netbsd:1.6:::::::*
	cpe:2.3:o:netbsd:netbsd:1.6.1:::::::*
	cpe:2.3:o:netbsd:netbsd:current:::::::*
	cpe:2.3:o:sco:unixware:7.1.1:::::::*
	cpe:2.3:o:sun:solaris:7.0::x86:::::
	cpe:2.3:o:sun:solaris:8.0::x86:::::
	cpe:2.3:o:sun:solaris:9.0::sparc:::::
	cpe:2.3:o:sun:solaris:9.0::x86:::::
	cpe:2.3:o:sun:sunos:5.7:::::::*
	cpe:2.3:o:sun:sunos:5.8:::::::*

History

No history.

Information

Published : 2003-12-15 05:00

Updated : 2024-02-28 10:24

NVD link : CVE-2003-0914

Mitre link : CVE-2003-0914

CVE.ORG link : CVE-2003-0914

JSON object : View

Products Affected

netbsd

netbsd

compaq

tru64

hp-ux

ibm

nixu

namesurfer

sco

unixware

freebsd

freebsd

isc

bind

sun

sunos
solaris

CWE

NVD-CWE-Other

4.3 /10