SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com





Category:   Application (Generic)  >   BIND Vendors:   ISC (Internet Software Consortium)
HP Tru64 UNIX DNS BIND4/BIND8 Facilitates Cache Corruption Attacks
SecurityTracker Alert ID:  1015606
SecurityTracker URL:  http://securitytracker.com/id/1015606
CVE Reference:   CVE-2006-0527   (Links to External Site)
Updated:  Apr 20 2006
Original Entry Date:  Feb 9 2006
Impact:   Modification of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 4, 8
Description:   A vulnerability was reported in HP Tru64 UNIX running DNS BIND4/BIND8 when configured as forwarders. This may facilitate DNS corruption attacks against DNS clients.

A remote user can conduct DNS cache corruption attacks via BIND4 or BIND8 servers that are configured as forwarders. As a result, the remote user may be able to gain access to systems running DNS clients.

[Editor's note: This vulnerability applies to BIND4 and BIND8 in general and is not limited to the HP Tru64 UNIX implementation.]

[Editor's note: This is a duplicate entry for a previously issued alert (Alert ID 1015551). This entry will be deleted shortly. Please refer to the original alert.]
Impact:   A remote user may be able to conduct DNS cache poisoning attacks via affected nameservers.
Solution:   HP has issued the following Early Release Patch (ERP) kits.

HP Tru64 UNIX Version 5.1B-3 ERP Kit

Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1000207-V51BB26-ES-20051212

Name: T64KIT1000207-V51BB26-ES-20051212

MD5 Checksum: b4cc5c0dd9dbec8d644444e8036f44dc

HP Tru64 UNIX Version 5.1B-2/PK4 ERP Kit

Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1000208-V51BB25-ES-20051213

Name: T64KIT1000208-V51BB25-ES-20051213

MD5 Checksum: 6b388a0067f3e26a3a161edf28506769

HP Tru64 UNIX Version 5.1A PK6 ERP Kit

Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1000209-V51AB24-ES-20051213

Name: T64KIT1000209-V51AB24-ES-20051213

MD5 Checksum: 02b95600c15c35ad2991ec247c3cd9fb

HP Tru64 UNIX Version 4.0G PK4 ERP Kit

Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1000211-V40GB22-ES-20051210

Name: T64KIT1000211-V40GB22-ES-20051210

MD5 Checksum: 6f44f115dc564d67c073fa56989634c1

HP Tru64 UNIX Version 4.0F PK8 ERP Kit

Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=DUXKIT1000210-V40FB22-ES-20051210

Name: DUXKIT1000210-V40FB22-ES-20051210

MD5 Checksum: db6ce0a77906512ba45bc10cc8c518a7

The HP advisory is available at:

http://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00595837
Vendor URL:  www.isc.org/ (Links to External Site)
Cause:   Input validation error
Underlying OS:   UNIX (Tru64)

Message History:   None.

 Source Message Contents
Date:  Thu, 9 Feb 2006 08:17:48 -0500
Subject:  HPSBTU02095 SSRT051007 rev.2 - HP Tru64 UNIX Running DNS BIND4/BIND8 with Forwarders: Remote Unauthorized Privileged Access


http://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00595837


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

Copyright 2013, SecurityGlobal.net LLC