CVE-2002-2211

BIND 4 and BIND 8, when resolving recursive DNS queries for arbitrary hosts, allows remote attackers to conduct DNS cache poisoning via a birthday attack that uses a large number of open queries for the same resource record (RR) combined with spoofed responses, which increases the possibility of successfully spoofing a response in a way that is more efficient than brute force methods.

Published: Dec 31, 2002
Updated: Apr 13, 2023
CVE: CVE-2002-2211
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:P/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
isc / bind	8.2.2-p7	8.2.2-p7.x
isc / bind	8.2	8.2.x
isc / bind	4.9.5-p1	4.9.5-p1.x
isc / bind	4.9.4	4.9.4.x
isc / bind	8.2.1	8.2.1.x
isc / bind	8.2.2-p1	8.2.2-p1.x
isc / bind	8.2.5	8.2.5.x
isc / bind	8.3.1	8.3.1.x
isc / bind	8.3.2	8.3.2.x
isc / bind	8.2.2-p4	8.2.2-p4.x
isc / bind	4.9.8	4.9.8.x
isc / bind	8.2.2-p2	8.2.2-p2.x
isc / bind	8.3.4	8.3.4.x
isc / bind	4.9.6	4.9.6.x
isc / bind	8.2.7	8.2.7.x
isc / bind	8.2.2	8.2.2.x
isc / bind	8.2.4	8.2.4.x
isc / bind	8.2.2-p6	8.2.2-p6.x
isc / bind	4.9.10	4.9.10.x
isc / bind	4.9	4.9.x
isc / bind	8.2.6	8.2.6.x
isc / bind	4.9.3	4.9.3.x
isc / bind	4.9.7	4.9.7.x
isc / bind	8.2.2-p5	8.2.2-p5.x
isc / bind	8.3.0	8.3.0.x
isc / bind	8.2.2-p3	8.2.2-p3.x
isc / bind	8.3.3	8.3.3.x
isc / bind	4.9.9	4.9.9.x
isc / bind	4.9.5	4.9.5.x
isc / bind	4.9.2	4.9.2.x
isc / bind	8.2.3	8.2.3.x

Vulnerability Database

289,697

CVE-2002-2211