Description
ISC BIND 8.3.x before 8.3.7, and 8.4.x before 8.4.3, allows remote attackers to poison the cache via a malicious name server that returns negative responses with a large TTL (time-to-live) value.
References (8)
Core 8
Core References
Vendor Advisory vendor-advisory
x_refsource_trustix
http://www.trustix.org/errata/misc/2003/TSL-2003-0044-bind.asc.txt
Vendor Advisory vendor-advisory
x_refsource_sunalert
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57434
Various Sources vendor-advisory
x_refsource_sco
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-003.0/CSSA-2004-003.0.txt
Various Sources vendor-advisory
x_refsource_sco
ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.33/CSSA-2003-SCO.33.txt
Patch, Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/734644
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2011
Patch, Vendor Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2004/dsa-409
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/10542
Scores
EPSS
0.2990
EPSS Percentile
96.7%
Details
Status
published
Products (50)
compaq/tru64
4.0f
compaq/tru64
4.0f_pk6_bl17
compaq/tru64
4.0f_pk7_bl18
compaq/tru64
4.0f_pk8_bl22
compaq/tru64
4.0g
compaq/tru64
4.0g_pk3_bl17
compaq/tru64
4.0g_pk4_bl22
compaq/tru64
5.1
compaq/tru64
5.1_pk3_bl17
compaq/tru64
5.1_pk4_bl18
... and 40 more
Published
Dec 15, 2003
Tracked Since
Feb 18, 2026