CVE-2002-0684

glibc < 2.2.5 - Remote Code Execution via DNS Resolver Buffer Overflow

Title source: llm
STIX 2.1

Description

Buffer overflow in DNS resolver functions that perform lookup of network names and addresses, as used in BIND 4.9.8 and ported to glibc 2.2.5 and earlier, allows remote malicious DNS servers to execute arbitrary code through a subroutine used by functions such as getnetbyname and getnetbyaddr.

References (5)

Core 5
Core References
Various Sources vendor-advisory x_refsource_mandrake
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-050.php
Various Sources vendor-advisory x_refsource_conectiva
http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000507
Patch, Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2002-139.html
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/542971
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=102581482511612&w=2

Scores

EPSS 0.0365
EPSS Percentile 88.0%

Details

Status published
Products (2)
gnu/glibc < 2.2.5
isc/bind 4.9.8
Published Aug 12, 2002
Tracked Since Feb 18, 2026