CVE-2002-0029

NameCVE-2002-0029
DescriptionBuffer overflows in the DNS stub resolver library in ISC BIND 4.9.2 through 4.9.10, and other derived libraries such as BSD libc and GNU glibc, allow remote attackers to execute arbitrary code via DNS server responses that trigger the overflow in the (1) getnetbyname, or (2) getnetbyaddr functions, aka "LIBRESOLV: buffer overrun" and a different vulnerability than CVE-2002-0684.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-196
NVD severityhigh

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
bind9 (PTS)jessie1:9.9.5.dfsg-9+deb8u15fixed
jessie (security)1:9.9.5.dfsg-9+deb8u18fixed
stretch (security), stretch1:9.10.3.dfsg.P4-12.3+deb9u5fixed
buster1:9.11.5.P4+dfsg-5.1fixed
bullseye1:9.11.14+dfsg-3fixed
sid1:9.11.16+dfsg-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
bindsource(unstable)1:8.3.3-3
bindsourcewoody8.3.3-2.0woody1DSA-196
bind9source(unstable)(not affected)

Search for package or bug name: Reporting problems