ISC BIND DNS Resolver Buffer Overflow Vulnerability
Solution: ISC recommends that users upgrade to ISC BIND 9.2.1.

Avaya has released an advisory that acknowledges this vulnerability for Avaya products. Fixes are not currently available; customers are advised to contact the vendor for further details regarding fix availability. Please see the referenced Avaya advisory at the following location for further details:
http://support.avaya.com/japple/css/japple?temp.groupID=128450&temp.selectedFamily=128451&temp.selectedProduct=154235&temp.selectedBucket=126655&temp.feedbackState=askForFeedback&temp.documentID=198529&PAGE=avaya.css.CSSLvl1Detail&executeTransaction=avaya.css.UsageUpdate()

HP has released a revised advisory (HPSBUX0212-233) to address this issue in affected HP-UX systems. Customers who are affected by this issue are advised to apply appropriate patches. Further information regarding obtaining and applying patches is available in the referenced advisory.

OpenPKG has released an advisory containing upgrades for this and other vulnerabilities. OpenPKG 1.0 users are advised to upgrade to the bind-8.2.6-1.0.2 package or later. OpenPKG 1.1 users are advised to upgrade to the bind8-8.3.3-1.1.1 package or later. OpenPKG CURRENT users are advised to upgrade to the bind8-8.3.3-20021114 package or later. bind-9.2.1-1.1.0 packages are also available for OpenPKG 1.1/CURRENT. Further details on obtaining and applying fixes can be found in the attached reference.

This issue is present in Astaro Security Linux versions prior to Up2Date 3.212. Up2Date 3.211 is the minimum version required for users to install Up2Date 3.212.

SGI has released an advisory and advised vulnerable users to apply patch 4881 to execute the server in a chroot environment. This patch does not fix the vulnerability, but does limit the impact of exploitation. SGI has reported that this vulnerability will be fixed in IRIX 6.5.19.

HP has released fixes for BIND running on HP-UX platforms. The HP advisory states that BIND 8.1.2 running on HP-UX is also vulnerable; however, this has not been confirmed.

SCO has released a security advisory (CSSA-2003-SCO.2). Information on obtaining and applying fixes can be gathered from the referenced advisory.

Sun has released an alert. Patches are available.

Xerox has announced that DocuPrint NPS/IPS series 8.0 firmware is affected by this issue. A patch is now installed automatically during the software installation procedure. Versions prior to 8.0 may also be affected if using custom configurations designed to implement DNS services.

IBM has released APARs to address this issue.

RedHat has released advisory RHSA-2004:383-05 and fixes dealing with this issue for RedHat Enterprise Linux platforms. Please see the referenced advisory for further information.

Advisory FLSA:1947 has been released for Fedora Legacy. Please see the attached advisory for details on obtaining and applying fixes.

SuSE has made advisory SUSE-SR:2004:002 available dealing with this issue. Please see the reference section for more information.

The following fixes are available:

IBM AIX 5.1
IBM AIX 5.2
Sun Solaris 2.6
Sun Solaris 2.6_x86
HP HP-UX 10.10
HP HP-UX 10.20
HP HP-UX 11.0 4
HP HP-UX 11.0
HP HP-UX 11.11
GNU glibc 2.2.5
Compaq Tru64 4.0 f PK6 (BL17)
Compaq Tru64 4.0 f
Compaq Tru64 4.0 g PK3 (BL17)
Compaq Tru64 4.0 g
Compaq Tru64 4.0 f PK7 (BL18)
IBM AIX 4.3.3
ISC BIND 4.9.10
Compaq Tru64 5.0 a PK3 (BL17)
Compaq Tru64 5.0 a
Compaq Tru64 5.1 b PK1 (BL1)
Compaq Tru64 5.1 a PK1 (BL1)
Compaq Tru64 5.1 a PK2 (BL2)
Compaq Tru64 5.1 PK3 (BL17)
Compaq Tru64 5.1 PK4 (BL18)
Compaq Tru64 5.1 a
Compaq Tru64 5.1
Compaq Tru64 5.1 PK5 (BL19)
Compaq Tru64 5.1 a PK3 (BL3)
Compaq Tru64 5.1 b