Vulnerability Details CVE-2002-2213
The DNS resolver in unspecified versions of Infoblox DNS One, when resolving recursive DNS queries for arbitrary hosts, allows remote attackers to conduct DNS cache poisoning via a birthday attack that uses a large number of open queries for the same resource record (RR) combined with spoofed responses, which increases the possibility of successfully spoofing a response in a way that is more efficient than brute force methods.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.069
EPSS Ranking 91.0%
CVSS Severity
CVSS v2 Score 5.0
References
- http://www.imconf.net/imw-2002/imw2002-papers/198.pdf
- http://www.kb.cert.org/vuls/id/457875
- http://www.kb.cert.org/vuls/id/IAFY-5FDPYJ
- http://www.rnp.br/cais/alertas/2002/cais-ALR-19112002a.html
- http://www.imconf.net/imw-2002/imw2002-papers/198.pdf
- http://www.kb.cert.org/vuls/id/457875
- http://www.kb.cert.org/vuls/id/IAFY-5FDPYJ
- http://www.rnp.br/cais/alertas/2002/cais-ALR-19112002a.html
Products affected by CVE-2002-2213
-
cpe:2.3:a:infoblox:dns_one:*
-
cpe:2.3:a:isc:bind:4.9
-
cpe:2.3:a:isc:bind:4.9.10
-
cpe:2.3:a:isc:bind:4.9.2
-
cpe:2.3:a:isc:bind:4.9.3
-
cpe:2.3:a:isc:bind:4.9.4
-
cpe:2.3:a:isc:bind:4.9.5
-
cpe:2.3:a:isc:bind:4.9.6
-
cpe:2.3:a:isc:bind:4.9.7
-
cpe:2.3:a:isc:bind:4.9.8
-
cpe:2.3:a:isc:bind:4.9.9
-
cpe:2.3:a:isc:bind:8.2
-
cpe:2.3:a:isc:bind:8.2.1
-
cpe:2.3:a:isc:bind:8.2.2
-
cpe:2.3:a:isc:bind:8.2.3
-
cpe:2.3:a:isc:bind:8.2.4
-
cpe:2.3:a:isc:bind:8.2.5
-
cpe:2.3:a:isc:bind:8.2.6
-
cpe:2.3:a:isc:bind:8.2.7
-
cpe:2.3:a:isc:bind:8.3.0
-
cpe:2.3:a:isc:bind:8.3.1
-
cpe:2.3:a:isc:bind:8.3.2
-
cpe:2.3:a:isc:bind:8.3.3
-
cpe:2.3:a:isc:bind:8.3.4