Think you have a false positive on this rule?

Sid 1-3154

Message

PROTOCOL-DNS UDP inverse query overflow

Summary

Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases.

Impact

CVSS base score 10.0 CVSS impact score 10.0 CVSS exploitability score 10.0 confidentialityImpact COMPLETE integrityImpact COMPLETE availabilityImpact COMPLETE

CVE-1999-0009:

CVSS base score 10.0

CVSS impact score 10.0

CVSS exploitability score 10.0

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Detailed information

CVE-1999-0009: Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases.

Affected systems

  • datageneral dgux 5.4_3.0
  • datageneral dgux 5.4_3.1
  • datageneral dgux 5.4_4.1
  • datageneral dgux 5.4_4.11
  • isc bind 4.9.6
  • isc bind 8.1
  • isc bind 8.1.1
  • bsdi bsd_os 2.0
  • bsdi bsd_os 2.0.1
  • bsdi bsd_os 2.1
  • caldera openlinux 1.0
  • ibm aix 4.1
  • ibm aix 4.1.1
  • ibm aix 4.1.2
  • ibm aix 4.1.3
  • ibm aix 4.1.4
  • ibm aix 4.1.5
  • ibm aix 4.2
  • ibm aix 4.2.1
  • ibm aix 4.3
  • nec aslux4800 64
  • netbsd netbsd 1.0
  • netbsd netbsd 1.1
  • netbsd netbsd 1.2
  • netbsd netbsd 1.2.1
  • netbsd netbsd 1.3
  • netbsd netbsd 1.3.1
  • redhat linux 4.0
  • redhat linux 4.1
  • redhat linux 4.2
  • redhat linux 5.0
  • sco open_desktop 3.0
  • sco open_desktop 5.0
  • sco unixware 2.1
  • sco unixware 7.0
  • sgi irix 3.2
  • sgi irix 3.3
  • sgi irix 3.3.1
  • sgi irix 3.3.2
  • sgi irix 3.3.3
  • sgi irix 4.0
  • sgi irix 4.0.1
  • sgi irix 4.0.1t
  • sgi irix 4.0.2
  • sgi irix 4.0.3
  • sgi irix 4.0.4
  • sgi irix 4.0.4b
  • sgi irix 4.0.4t
  • sgi irix 4.0.5
  • sgi irix 4.0.5_iop
  • sgi irix 4.0.5_ipr
  • sgi irix 4.0.5a
  • sgi irix 4.0.5d
  • sgi irix 4.0.5e
  • sgi irix 4.0.5f
  • sgi irix 4.0.5g
  • sgi irix 4.0.5h
  • sgi irix 5.0
  • sgi irix 5.0.1
  • sgi irix 5.1
  • sgi irix 5.1.1
  • sgi irix 5.2
  • sgi irix 5.3
  • sgi irix 6.0
  • sgi irix 6.1
  • sgi irix 6.2
  • sgi irix 6.3
  • sun solaris 2.3
  • sun solaris 2.4
  • sun solaris 2.5
  • sun solaris 2.5.1
  • sun solaris 2.6

Ease of attack

CVE-1999-0009:

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

False positives

None known

False negatives

None known

Corrective action

Upgrade to the latest non-affected version of the software.

Apply the appropriate vendor supplied patches.

Contributors

  • Talos research team.
  • This document was generated from data supplied by the national vulnerability database, a product of the national institute of standards and technology.
  • For more information see nvd.

Additional References