CVE-2002-1220 – ISC BIND 8.3.x - OPT Record Large UDP Denial of Service
https://notcve.org/view.php?id=CVE-2002-1220
BIND 8.3.x through 8.3.3 allows remote attackers to cause a denial of service (termination due to assertion failure) via a request for a subdomain that does not exist, with an OPT resource record with a large UDP payload size. BIND 8.3.x a 8.3.3 permite a atacantes remotos causar una denegación de servicio (terminación debido a fallo en aseveración) mediante una petición para un subdominio que no existe, con un registro de recurso OPT con una carga UDP grande. • https://www.exploit-db.com/exploits/22011 http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21469 http://lists.apple.com/archives/Security-announce/2002/Nov/msg00000.html http://marc.info/?l=bugtraq&m=103713117612842&w=2 http://marc.info/?l=bugtraq&m=103763574715133&w=2 http://online.securityfocus.com/advisories/4999 http://online.securityfocus.com/archive/1/300019 http://www.cert.org/advisories/CA-2002-31.html http://www.ciac.org/ciac/bulletins/n-013. •
CVE-2002-1219
https://notcve.org/view.php?id=CVE-2002-1219
Buffer overflow in named in BIND 4 versions 4.9.10 and earlier, and 8 versions 8.3.3 and earlier, allows remote attackers to execute arbitrary code via a certain DNS server response containing SIG resource records (RR). Desbordamiento de búfer en BIND versiones 4 anteriores a 4.9.10, y versiones 8 anteriores a 8.3.3, permite a atacantes remotos ejecutar código arbitrario mediante una cierta respuesta de servidor DNS conteniendo registros de recursos (RR) SIG. • ftp://patches.sgi.com/support/free/security/advisories/20021201-01-P http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21469 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000546 http://lists.apple.com/archives/Security-announce/2002/Nov/msg00000.html http://marc.info/?l=bugtraq&m=103713117612842&w=2 http://marc.info/?l=bugtraq&m=103763574715133&w=2 http://online.securityfocus.com/advisories/4999 http://online.securityfocus.com/archive/1/300019 http: •
CVE-2002-1221
https://notcve.org/view.php?id=CVE-2002-1221
BIND 8.x through 8.3.3 allows remote attackers to cause a denial of service (crash) via SIG RR elements with invalid expiry times, which are removed from the internal BIND database and later cause a null dereference. BIND 8.x a 8.3.3 permite a atacantes remotos causar una denegación de servicio (caída) mediante elementos registro de recurso (RR) SIG con fecha de expiració inválida, que son eliminados de la la base de datos interna de BIND y luego causan una desreferencia a nulo. • http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21469 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000546 http://lists.apple.com/archives/Security-announce/2002/Nov/msg00000.html http://marc.info/?l=bugtraq&m=103713117612842&w=2 http://marc.info/?l=bugtraq&m=103763574715133&w=2 http://online.securityfocus.com/advisories/4999 http://online.securityfocus.com/archive/1/300019 http://www.cert.org/advisories/CA-2002-31.html http://www.ciac.org/ •
CVE-2002-0414
https://notcve.org/view.php?id=CVE-2002-0414
KAME-derived implementations of IPsec on NetBSD 1.5.2, FreeBSD 4.5, and other operating systems, does not properly consult the Security Policy Database (SPD), which could cause a Security Gateway (SG) that does not use Encapsulating Security Payload (ESP) to forward forged IPv4 packets. • http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0057.html http://orange.kame.net/dev/cvsweb.cgi/kame/CHANGELOG http://www.iss.net/security_center/static/8416.php http://www.osvdb.org/5304 http://www.securityfocus.com/archive/1/259598 http://www.securityfocus.com/bid/4224 •
CVE-2002-0572 – Apple Mac OSX 10.x / FreeBSD 4.x / OpenBSD 2.x / Solaris 2.5/2.6/7.0/8 - 'exec C Library' Standard I/O File Descriptor Closure
https://notcve.org/view.php?id=CVE-2002-0572
FreeBSD 4.5 and earlier, and possibly other BSD-based operating systems, allows local users to write to or read from restricted files by closing the file descriptors 0 (standard input), 1 (standard output), or 2 (standard error), which may then be reused by a called setuid process that intended to perform I/O on normal files. • https://www.exploit-db.com/exploits/21407 ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:23.stdio.asc http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0033.html http://online.securityfocus.com/archive/1/268970 http://online.securityfocus.com/archive/1/269102 http://www.ciac.org/ciac/bulletins/m-072.shtml http://www.iss.net/security_center/static/8920.php http://www.kb.cert.org/vuls/id/809347 http://www.osvdb.org/6095 http://www.secu •