发布时间 :2006-02-02 06:02:00
修订时间 :2011-05-18 00:00:00

[原文]BIND 4 (BIND4) and BIND 8 (BIND8), if used as a target forwarder, allows remote attackers to gain privileged access via a "Kashpureff-style DNS cache corruption" attack.

[CNNVD]HP Tru64 DNS BIND 未授权访问漏洞(CNNVD-200602-031)

        BIND 4 (BIND4)和BIND 8 (BIND8)在用作目标传送器时,远程攻击者可以通过"Kashpureff式DNS缓存讹误"攻击来获取授权访问。

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CWE (弱点类目)

CWE-264 [权限、特权与访问控制]

- CPE (受影响的平台与产品)

cpe:/a:isc:bind:8ISC BIND 8
cpe:/a:isc:bind:4ISC BIND 4

- OVAL (用于检测的技术细节)


- 官方数据库链接
(官方数据源) MITRE
(官方数据源) NVD
(官方数据源) CNNVD

- 其它链接及资源
(PATCH)  SECTRACK  1015606
(PATCH)  SECTRACK  1015551
(UNKNOWN)  XF  tru64-dns-bind-unauth-access(24414)
(UNKNOWN)  BID  16455
(UNKNOWN)  SREASON  438,10801,103744,00.html
(UNKNOWN)  MISC,10801,103744,00.html
(UNKNOWN)  VIM  20060216 Recent HP advisories outline BIND problems

- 漏洞信息

HP Tru64 DNS BIND 未授权访问漏洞
高危 资料不足
2006-02-02 00:00:00 2006-04-28 00:00:00
        BIND 4 (BIND4)和BIND 8 (BIND8)在用作目标传送器时,远程攻击者可以通过"Kashpureff式DNS缓存讹误"攻击来获取授权访问。

- 公告与补丁


- 漏洞信息

HP Tru64 UNIX DNS BIND Unspecified Remote Privilege Escalation
Remote / Network Access Attack Type Unknown
Loss of Integrity
Exploit Unknown

- 漏洞描述

HP Tru64 contains a flaw that may allow a malicious user to gain access to unauthorized privileges. An unspecified flaw in the BIND DNS server might allow an attacker to remotely elevate their privileges, potentially leading to a loss of integrity. No further details have been provided.

- 时间线

2006-02-01 Unknow
Unknow Unknow

- 解决方案

Currently, there are no known workarounds or upgrades to correct this issue. However, the vendor has released a ERP (Early Release Patchkit) to address this vulnerability.

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

HP Tru64 DNS BIND Unspecified Remote Unauthorized Access Vulnerability
Unknown 16455
Yes No
2006-01-25 12:00:00 2007-06-27 08:08:00
Reported by the vendor.

- 受影响的程序版本

HP Tru64 5.1 B-3
HP Tru64 5.1 B-2 PK4
HP Tru64 5.1 A PK6
HP Tru64 4.0 G PK4
HP Tru64 4.0 F PK8
HP HP-UX 11.11
HP HP-UX 11.0

- 漏洞讨论

HP Tru64 DNS BIND is prone to an unspecified remote unauthorized-access vulnerability.

Further details are not currently available; this BID will be updated when more information becomes available.

- 漏洞利用

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at:

- 解决方案

Fixes are available. Please see the referenced advisories for further details.

- 相关参考