CVE-2003-0914
UnknownEPSS 3.16%
Last modified
CVE-2003-0914 is a vulnerability of currently unknown severity. ISC BIND 8.3.x before 8.3.7, and 8.4.x before 8.4.3, allows remote attackers to poison the cache via a malicious name server that returns negative responses with a large TTL (time-to-live) value.. EPSS estimates a 3.16% chance of exploitation in the next 30 days.
Description
ISC BIND 8.3.x before 8.3.7, and 8.4.x before 8.4.3, allows remote attackers to poison the cache via a malicious name server that returns negative responses with a large TTL (time-to-live) value.
Metrics
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Isc | Bind | 8.2.3 |
| Isc | Bind | 8.2.4 |
| Isc | Bind | 8.2.5 |
| Isc | Bind | 8.2.6 |
| Isc | Bind | 8.2.7 |
| Isc | Bind | 8.3.0 |
| Isc | Bind | 8.3.1 |
| Isc | Bind | 8.3.2 |
| Isc | Bind | 8.3.3 |
| Isc | Bind | 8.3.4 |
| Isc | Bind | 8.3.5 |
| Isc | Bind | 8.3.6 |
| Isc | Bind | 8.4 |
| Isc | Bind | 8.4.1 |
| Nixu | Namesurfer | standard_3.0.1 |
| Nixu | Namesurfer | suite_3.0.1 |
| Compaq | Tru64 | 4.0f |
| Compaq | Tru64 | 4.0f_pk6_bl17 |
| Compaq | Tru64 | 4.0f_pk7_bl18 |
| Compaq | Tru64 | 4.0f_pk8_bl22 |
| Compaq | Tru64 | 4.0g |
| Compaq | Tru64 | 4.0g_pk3_bl17 |
| Compaq | Tru64 | 4.0g_pk4_bl22 |
| Compaq | Tru64 | 5.1 |
| Compaq | Tru64 | 5.1_pk3_bl17 |
| Compaq | Tru64 | 5.1_pk4_bl18 |
| Compaq | Tru64 | 5.1_pk5_bl19 |
| Compaq | Tru64 | 5.1_pk6_bl20 |
| Compaq | Tru64 | 5.1a |
| Compaq | Tru64 | 5.1a_pk1_bl1 |
| Compaq | Tru64 | 5.1a_pk2_bl2 |
| Compaq | Tru64 | 5.1a_pk3_bl3 |
| Compaq | Tru64 | 5.1a_pk4_bl21 |
| Compaq | Tru64 | 5.1a_pk5_bl23 |
| Compaq | Tru64 | 5.1b |
| Compaq | Tru64 | 5.1b_pk1_bl1 |
| Compaq | Tru64 | 5.1b_pk2_bl22 |
| Freebsd | Freebsd | 4.4 |
| Freebsd | Freebsd | 4.5 |
| Freebsd | Freebsd | 4.6 |
| Freebsd | Freebsd | 4.6.2 |
| Freebsd | Freebsd | 4.7 |
| Freebsd | Freebsd | 4.8 |
| Freebsd | Freebsd | 4.9 |
| Freebsd | Freebsd | 5.0 |
| Hp | Hp-Ux | 11.00 |
| Hp | Hp-Ux | 11.11 |
| Ibm | Aix | 5.1l |
| Netbsd | Netbsd | 1.6 |
| Netbsd | Netbsd | 1.6.1 |
Showing 50 of 57 affected configurations. See NVD for the full list.
References
- http://www.debian.org/security/2004/dsa-409Patch, Vendor Advisory
- http://www.kb.cert.org/vuls/id/734644Patch, Third Party Advisory, US Government Resource
- http://www.debian.org/security/2004/dsa-409Patch, Vendor Advisory
- http://www.kb.cert.org/vuls/id/734644Patch, Third Party Advisory, US Government Resource
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2003-0914?
ISC BIND 8.3.x before 8.3.7, and 8.4.x before 8.4.3, allows remote attackers to poison the cache via a malicious name server that returns negative responses with a large TTL (time-to-live) value.
How severe is CVE-2003-0914?
Severity scoring for CVE-2003-0914 is pending analysis. The EPSS model estimates a 3.16% probability of exploitation in the next 30 days.
How do I fix CVE-2003-0914?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Are you affected by CVE-2003-0914?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST