ISC BIND < 8.3.7 / 8.4.3 Negative Record Cache Poisoning
2003-11-27T00:00:00
ID BIND_NEGATIVE_CACHE_DOS.NASL Type nessus Reporter This script is Copyright (C) 2003-2018 Tenable Network Security, Inc. Modified 2021-04-02T00:00:00
Description
The remote BIND server, according to its version number, is vulnerable to
a negative-cache poisoning bug that may allow an attacker to disable this
service remotely.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description) {
  # Registration pass: everything in this branch only declares plugin
  # metadata; the branch ends with exit(0), so the version comparison
  # below it is not reached during this pass.

  # --- Plugin identity and revision ---
  script_id(11932);
  script_version("1.19");
  script_cvs_date("Date: 2018/06/27 18:42:25");

  # --- Advisory cross-references ---
  script_cve_id("CVE-2003-0914");
  script_bugtraq_id(9114);
  script_xref(name:"Secunia", value:"10300");
  script_xref(name:"SuSE", value:"SUSE-SA:2003:047");

  # --- Report text ---
  script_name(english:"ISC BIND < 8.3.7 / 8.4.3 Negative Record Cache Poisoning");
  script_summary(english:"Checks the remote BIND version");
  script_set_attribute(attribute:"synopsis", value:"It is possible to disable the remote name server remotely.");
  # The description is one multi-line string: its line breaks are part of
  # the value, so the continuation lines must stay at column 0.
  script_set_attribute(attribute:"description", value:"The remote BIND server, according to its version number, is vulnerable to
a negative cache poison bug that may allow an attacker to disable this
service remotely.");
  script_set_attribute(attribute:"solution", value:"Upgrade to BIND 8.3.7 or 8.4.3");

  # --- Risk rating ---
  # Base vector rates the issue as a complete loss of availability (A:C).
  # NOTE(review): the NVD entry for CVE-2003-0914 uses
  # AV:N/AC:M/Au:N/C:N/I:P/A:N (4.3, integrity impact) instead; confirm
  # which rating downstream prioritisation should rely on.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  # --- Dates, plugin type and affected product ---
  script_set_attribute(attribute:"plugin_publication_date", value:"2003/11/27");
  script_set_attribute(attribute:"vuln_publication_date", value:"2003/11/26");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:isc:bind");
  script_end_attributes();

  # --- Scheduling ---
  # Information-gathering category; the plugin needs bind_version.nasl to
  # have run and the "bind/version" knowledge-base key to be present.
  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2003-2018 Tenable Network Security, Inc.");
  script_family(english:"DNS");
  script_dependencie("bind_version.nasl");
  script_require_keys("bind/version");

  exit(0);
}
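# Version-only check: this part sends nothing to the name server. It compares
# the string stored under "bind/version" (filled in by the dependency
# bind_version.nasl) against the affected release range.
# NOTE(review): the verdict is only as reliable as that version string. A
# hidden or customised banner gives no finding, and a vendor build that
# backports the fix without changing the version would still be flagged;
# confirm against the installed package before closing or escalating.
vers = get_kb_item("bind/version");
if (!vers) exit(0);  # no version recorded for this host: nothing to compare

# Affected releases (everything before 8.3.7 on the 8.3 branch and before
# 8.4.3 on the 8.4 branch, plus the older 8.0 - 8.2 branches):
#   8.0 / 8.1 / 8.2   any patch level, with or without a third component
#   8.3, 8.3.0-8.3.6  followed by a non-digit or end of string
#   8.4, 8.4.0-8.4.2  followed by a non-digit or end of string
# The previous pattern required a third version component, so a server
# reporting a bare "8.3" or "8.4" (or "8.2" with no trailing dot) was missed
# even though it predates the fixed releases. 8.3.7+, 8.4.3+ and two-digit
# components such as 8.3.10 still do not match.
vuln_pattern = "^8\.([0-2]([^0-9]|$)|3(\.[0-6]([^0-9]|$)|[^0-9.]|$)|4(\.[0-2]([^0-9]|$)|[^0-9.]|$))";

if (ereg(string:vers, pattern:vuln_pattern)) security_hole(53);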
{"id": "BIND_NEGATIVE_CACHE_DOS.NASL", "bulletinFamily": "scanner", "title": "ISC BIND < 8.3.7 / 8.4.3 Negative Record Cache Poisoning", "description": "The remote BIND server, according to its version number, is vulnerable to \na negative cache poison bug that may allow an attacker to disable this\nservice remotely.", "published": "2003-11-27T00:00:00", "modified": "2021-04-02T00:00:00", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}, "href": "https://www.tenable.com/plugins/nessus/11932", "reporter": "This script is Copyright (C) 2003-2018 Tenable Network Security, Inc.", "references": [], "cvelist": ["CVE-2003-0914"], "type": "nessus", "lastseen": "2021-04-01T01:26:49", "edition": 26, "viewCount": 38, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2003-0914"]}, {"type": "f5", "idList": ["SOL2888", "F5:K2888"]}, {"type": "osvdb", "idList": ["OSVDB:2866"]}, {"type": "openvas", "idList": ["OPENVAS:52471", "OPENVAS:52642", "OPENVAS:53108"]}, {"type": "nessus", "idList": ["AIX_IY49881.NASL", "FREEBSD_BIND8_NEG_POISON.NASL", "DEBIAN_DSA-409.NASL", "AIX_IY49883.NASL", "SUSE_SA_2003_047.NASL", "FREEBSD_PKG_F04CC5CB2D0B11D8BEAF000A95C4D922.NASL"]}, {"type": "freebsd", "idList": ["F04CC5CB-2D0B-11D8-BEAF-000A95C4D922"]}, {"type": "debian", "idList": ["DEBIAN:DSA-409-1:D4CA2"]}, {"type": "cert", "idList": ["VU:734644"]}, {"type": "suse", "idList": ["SUSE-SA:2003:047"]}], "modified": "2021-04-01T01:26:49", "rev": 2}, "score": {"value": 6.4, "vector": "NONE", "modified": "2021-04-01T01:26:49", "rev": 2}, "vulnersScore": 6.4}, "sourceData": "#\n# (C) Tenable Network Security, Inc.\n# \n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(11932);\n script_version(\"1.19\");\n script_cvs_date(\"Date: 2018/06/27 18:42:25\");\n\n script_cve_id(\"CVE-2003-0914\");\n script_bugtraq_id(9114);\n script_xref(name:\"Secunia\", value:\"10300\");\n script_xref(name:\"SuSE\", value:\"SUSE-SA:2003:047\");\n \n 
script_name(english:\"ISC BIND < 8.3.7 / 8.4.3 Negative Record Cache Poisoning\");\n script_summary(english:\"Checks the remote BIND version\");\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"It is possible to disable the remote name server remotely.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote BIND server, according to its version number, is vulnerable to \na negative cache poison bug that may allow an attacker to disable this\nservice remotely.\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to BIND 8.3.7 or 8.4.3\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2003/11/27\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2003/11/26\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:isc:bind\");\n script_end_attributes();\n \n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2003-2018 Tenable Network Security, Inc.\");\n script_family(english: \"DNS\");\n script_dependencie(\"bind_version.nasl\");\n script_require_keys(\"bind/version\");\n exit(0);\n}\n\nvers = get_kb_item(\"bind/version\");\nif(!vers)exit(0);\nif(ereg(string:vers, pattern:\"^8\\.([0-2]\\.|3\\.[0-6]([^0-9]|$)|4\\.[0-2]([^0-9]|$))\"))security_hole(53);\n", "naslFamily": "DNS", "pluginID": "11932", "cpe": ["cpe:/a:isc:bind"], "scheme": null, "immutableFields": []}
{"cve": [{"lastseen": "2021-02-02T05:22:09", "description": "ISC BIND 8.3.x before 8.3.7, and 8.4.x before 8.4.3, allows remote attackers to poison the cache via a malicious name server that returns negative responses with a large TTL (time-to-live) value.", "edition": 4, "cvss3": {}, "published": "2003-12-15T05:00:00", "title": "CVE-2003-0914", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2003-0914"], "modified": "2018-10-30T16:26:00", "cpe": ["cpe:/o:sco:unixware:7.1.1", "cpe:/o:compaq:tru64:4.0g_pk3_bl17", "cpe:/o:compaq:tru64:5.1_pk6_bl20", "cpe:/o:freebsd:freebsd:4.4", "cpe:/o:hp:hp-ux:11.11", "cpe:/o:freebsd:freebsd:4.9", "cpe:/o:freebsd:freebsd:4.6.2", "cpe:/o:sun:solaris:8.0", "cpe:/o:compaq:tru64:5.1b_pk1_bl1", "cpe:/o:netbsd:netbsd:current", "cpe:/o:sun:sunos:5.8", "cpe:/o:ibm:aix:5.1l", "cpe:/o:compaq:tru64:5.1b_pk2_bl22", "cpe:/a:isc:bind:8.3.4", "cpe:/o:compaq:tru64:4.0f", "cpe:/o:compaq:tru64:5.1a_pk2_bl2", "cpe:/a:isc:bind:8.2.5", "cpe:/a:nixu:namesurfer:standard_3.0.1", "cpe:/a:isc:bind:8.3.0", "cpe:/o:netbsd:netbsd:1.6", "cpe:/a:isc:bind:8.4.1", "cpe:/o:freebsd:freebsd:4.7", "cpe:/o:freebsd:freebsd:5.0", "cpe:/a:isc:bind:8.3.6", "cpe:/o:compaq:tru64:4.0g_pk4_bl22", "cpe:/a:nixu:namesurfer:suite_3.0.1", "cpe:/o:netbsd:netbsd:1.6.1", "cpe:/a:isc:bind:8.3.3", "cpe:/o:freebsd:freebsd:4.6", "cpe:/a:isc:bind:8.2.4", "cpe:/o:sun:sunos:5.7", "cpe:/a:isc:bind:8.3.1", "cpe:/o:sun:solaris:7.0", "cpe:/o:compaq:tru64:4.0f_pk7_bl18", 
"cpe:/o:compaq:tru64:5.1_pk3_bl17", "cpe:/o:hp:hp-ux:11.00", "cpe:/a:isc:bind:8.3.5", "cpe:/o:freebsd:freebsd:4.5", "cpe:/o:freebsd:freebsd:4.8", "cpe:/o:compaq:tru64:5.1_pk5_bl19", "cpe:/a:isc:bind:8.2.7", "cpe:/o:sun:solaris:9.0", "cpe:/o:compaq:tru64:5.1a_pk3_bl3", "cpe:/o:compaq:tru64:5.1_pk4_bl18", "cpe:/o:compaq:tru64:5.1a_pk1_bl1", "cpe:/o:compaq:tru64:4.0g", "cpe:/o:compaq:tru64:5.1", "cpe:/a:isc:bind:8.2.6", "cpe:/a:isc:bind:8.2.3", "cpe:/o:compaq:tru64:5.1a_pk4_bl21", "cpe:/o:compaq:tru64:5.1a_pk5_bl23", "cpe:/o:compaq:tru64:4.0f_pk8_bl22", "cpe:/o:compaq:tru64:5.1b", "cpe:/a:isc:bind:8.4", "cpe:/o:compaq:tru64:4.0f_pk6_bl17", "cpe:/o:compaq:tru64:5.1a", "cpe:/a:isc:bind:8.3.2"], "id": "CVE-2003-0914", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0914", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:o:sun:solaris:9.0:*:x86:*:*:*:*:*", "cpe:2.3:o:netbsd:netbsd:1.6:*:*:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:4.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:8.3.2:*:*:*:*:*:*:*", "cpe:2.3:o:compaq:tru64:5.1a:*:*:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:5.0:*:*:*:*:*:*:*", "cpe:2.3:o:sco:unixware:7.1.1:*:*:*:*:*:*:*", "cpe:2.3:o:netbsd:netbsd:current:*:*:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:4.8:*:*:*:*:*:*:*", "cpe:2.3:o:compaq:tru64:4.0g:*:*:*:*:*:*:*", "cpe:2.3:o:compaq:tru64:5.1a_pk5_bl23:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:8.3.6:*:*:*:*:*:*:*", "cpe:2.3:o:compaq:tru64:4.0g_pk4_bl22:*:*:*:*:*:*:*", "cpe:2.3:o:sun:solaris:7.0:*:x86:*:*:*:*:*", "cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:4.7:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:8.3.3:*:*:*:*:*:*:*", "cpe:2.3:o:compaq:tru64:5.1b:*:*:*:*:*:*:*", "cpe:2.3:o:compaq:tru64:5.1a_pk2_bl2:*:*:*:*:*:*:*", "cpe:2.3:o:compaq:tru64:5.1b_pk2_bl22:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:8.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:8.3.1:*:*:*:*:*:*:*", "cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*", "cpe:2.3:o:compaq:tru64:5.1a_pk3_bl3:*:*:*:*:*:*:*", 
"cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*", "cpe:2.3:o:compaq:tru64:5.1:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:8.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:compaq:tru64:4.0f_pk8_bl22:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:8.3.0:*:*:*:*:*:*:*", "cpe:2.3:o:netbsd:netbsd:1.6.1:*:*:*:*:*:*:*", "cpe:2.3:o:ibm:aix:5.1l:*:*:*:*:*:*:*", "cpe:2.3:o:compaq:tru64:5.1b_pk1_bl1:*:*:*:*:*:*:*", "cpe:2.3:o:compaq:tru64:5.1_pk3_bl17:*:*:*:*:*:*:*", "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*", "cpe:2.3:o:compaq:tru64:5.1_pk5_bl19:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:8.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:4.9:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:8.3.4:*:*:*:*:*:*:*", "cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:4.5:*:*:*:*:*:*:*", "cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*", "cpe:2.3:o:compaq:tru64:4.0f:*:*:*:*:*:*:*", "cpe:2.3:o:compaq:tru64:5.1a_pk1_bl1:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:8.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:4.4:*:*:*:*:*:*:*", "cpe:2.3:o:compaq:tru64:4.0f_pk6_bl17:*:*:*:*:*:*:*", "cpe:2.3:o:compaq:tru64:4.0g_pk3_bl17:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:8.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:compaq:tru64:5.1_pk4_bl18:*:*:*:*:*:*:*", "cpe:2.3:o:compaq:tru64:4.0f_pk7_bl18:*:*:*:*:*:*:*", "cpe:2.3:a:nixu:namesurfer:suite_3.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:compaq:tru64:5.1a_pk4_bl21:*:*:*:*:*:*:*", "cpe:2.3:a:nixu:namesurfer:standard_3.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:compaq:tru64:5.1_pk6_bl20:*:*:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:4.6:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:8.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:8.4:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:8.3.5:*:*:*:*:*:*:*"]}], "f5": [{"lastseen": "2017-06-08T00:16:20", "bulletinFamily": "software", "cvelist": ["CVE-2003-0914"], "edition": 1, "description": "", "modified": "2017-03-14T18:57:00", "published": "2003-12-05T03:00:00", "href": "https://support.f5.com/csp/article/K2888", "id": "F5:K2888", "type": "f5", "title": "DNS cache poisoning vulnerability CVE-2003-0914", "cvss": {"score": 4.3, "vector": 
"AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2016-09-26T17:23:20", "bulletinFamily": "software", "cvelist": ["CVE-2003-0914"], "edition": 1, "description": "Information about this advisory is available at the following location:\n\n**Note**: This link takes you to a resource outside of AskF5, and it is possible that the information may be removed without our knowledge.\n\n<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0914>\n", "modified": "2016-07-25T00:00:00", "published": "2003-12-04T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/2000/800/sol2888.html", "id": "SOL2888", "title": "SOL2888 - DNS cache poisoning vulnerability CVE-2003-0914", "type": "f5", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "osvdb": [{"lastseen": "2017-04-28T13:19:57", "bulletinFamily": "software", "cvelist": ["CVE-2003-0914"], "edition": 1, "description": "## Vulnerability Description\nBIND prior to 8.3.7 contain a flaw that allows for a remote Denial of Service attack. An attacker who controls a DNS server can cause vulnerable servers to attempt to cache \"negative\" records. Legitimate clients requesting DNS service would not be able to function until the \"time to live\" (TTL) for the negative record had expired.\n\n## Solution Description\nUpgrade to version 8.3.7, 8.4.3, 9.x or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nBIND prior to 8.3.7 contain a flaw that allows for a remote Denial of Service attack. An attacker who controls a DNS server can cause vulnerable servers to attempt to cache \"negative\" records. 
Legitimate clients requesting DNS service would not be able to function until the \"time to live\" (TTL) for the negative record had expired.\n\n## References:\n[Vendor Specific Advisory URL](ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:19.bind.asc)\n[Vendor Specific Advisory URL](http://www-1.ibm.com/services/continuity/recover1.nsf/mss/MSS-OAR-E01-2003.1524.1)\n[Vendor Specific Advisory URL](ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-018.txt.asc)\n[Vendor Specific Advisory URL](http://www.trustix.org/errata/misc/2003/TSL-2003-0044-bind.asc.txt)\n[Vendor Specific Advisory URL](http://www.suse.de/de/security/2003_47_bind8.html)\n[Vendor Specific Advisory URL](http://www.linuxsecurity.com/advisories/engarde_advisory-3816.html)\n[Vendor Specific Advisory URL](ftp://ftp.sco.com/pub/security/UnixWare/CSSA-2003-SCO.33.txt)\n[Vendor Specific Advisory URL](http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57434&zone_32=category%3Asecurity)\n[Secunia Advisory ID:10774](https://secuniaresearch.flexerasoftware.com/advisories/10774/)\n[Secunia Advisory ID:10300](https://secuniaresearch.flexerasoftware.com/advisories/10300/)\n[Secunia Advisory ID:11697](https://secuniaresearch.flexerasoftware.com/advisories/11697/)\n[Secunia Advisory ID:13947](https://secuniaresearch.flexerasoftware.com/advisories/13947/)\nOther Advisory URL: ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.4/SCOSA-2005.4.txt\n[Nessus Plugin ID:11932](https://vulners.com/search?query=pluginID:11932)\n[Nessus Plugin ID:14428](https://vulners.com/search?query=pluginID:14428)\n[Nessus Plugin ID:14429](https://vulners.com/search?query=pluginID:14429)\n[Nessus Plugin ID:13815](https://vulners.com/search?query=pluginID:13815)\n[Nessus Plugin ID:12526](https://vulners.com/search?query=pluginID:12526)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2003-11/0320.html\nISS X-Force ID: 13854\n[CVE-2003-0914](https://vulners.com/cve/CVE-2003-0914)\nCERT 
VU: 734644\nBugtraq ID: 9114\n", "modified": "2003-11-26T03:22:17", "published": "2003-11-26T03:22:17", "id": "OSVDB:2866", "href": "https://vulners.com/osvdb/OSVDB:2866", "title": "ISC BIND Negative Record Cache Poisoning", "type": "osvdb", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "openvas": [{"lastseen": "2017-07-02T21:10:08", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0914"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2016-09-15T00:00:00", "published": "2008-09-04T00:00:00", "id": "OPENVAS:52471", "href": "http://plugins.openvas.org/nasl.php?oid=52471", "type": "openvas", "title": "FreeBSD Ports: bind", "sourceData": "#\n#VID f04cc5cb-2d0b-11d8-beaf-000a95c4d922\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: bind\n\nCVE-2003-0914\nISC BIND 8.3.x before 8.3.7, and 8.4.x before 8.4.3, allows remote\nattackers to poison the cache via a malicious name server that returns\nnegative responses with a large TTL (time-to-live) value.\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\";\nif(description)\n{\n script_id(52471);\n script_version(\"$Revision: 4075 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-15 15:13:05 +0200 (Thu, 15 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_bugtraq_id(9114);\n script_cve_id(\"CVE-2003-0914\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"FreeBSD Ports: bind\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"bind\");\nif(!isnull(bver) && revcomp(a:bver, b:\"8.3\")>=0 && revcomp(a:bver, b:\"8.3.7\")<0) {\n txt += 'Package bind version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"8.4\")>=0 && revcomp(a:bver, b:\"8.4.3\")<0) {\n txt += 'Package bind version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-12-08T11:45:13", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0914"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory FreeBSD-SA-03:19.bind.asc", "modified": "2017-12-07T00:00:00", "published": "2008-09-04T00:00:00", "id": "OPENVAS:52642", "href": "http://plugins.openvas.org/nasl.php?oid=52642", "type": "openvas", "title": "FreeBSD Security Advisory (FreeBSD-SA-03:19.bind.asc)", "sourceData": "#\n#ADV FreeBSD-SA-03:19.bind.asc\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n#\n\ntag_insight = \"BIND 8 is an implementation of the Domain Name System (DNS) protocols.\nThe named(8) daemon is the Internet domain name server.\n\nA programming error in BIND 8 named can result in a DNS message being\nincorrectly cached as a negative response.\";\ntag_solution = \"Upgrade your system to the appropriate stable release\nor security branch dated after the correction date\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FreeBSD-SA-03:19.bind.asc\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory FreeBSD-SA-03:19.bind.asc\";\n\n \nif(description)\n{\n script_id(52642);\n script_version(\"$Revision: 8023 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-07 09:36:26 +0100 (Thu, 07 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_bugtraq_id(9114);\n script_cve_id(\"CVE-2003-0914\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n name = \"FreeBSD Security Advisory (FreeBSD-SA-03:19.bind.asc)\";\n 
script_name(name);\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n family = \"FreeBSD Local Security Checks\";\n script_family(family);\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdpatchlevel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\nvuln = 0;\nif(patchlevelcmp(rel:\"5.1\", patchlevel:\"11\")<0) {\n vuln = 1;\n}\nif(patchlevelcmp(rel:\"5.0\", patchlevel:\"19\")<0) {\n vuln = 1;\n}\nif(patchlevelcmp(rel:\"4.9\", patchlevel:\"1\")<0) {\n vuln = 1;\n}\nif(patchlevelcmp(rel:\"4.8\", patchlevel:\"14\")<0) {\n vuln = 1;\n}\nif(patchlevelcmp(rel:\"4.7\", patchlevel:\"24\")<0) {\n vuln = 1;\n}\nif(patchlevelcmp(rel:\"4.6.2\", patchlevel:\"27\")<0) {\n vuln = 1;\n}\nif(patchlevelcmp(rel:\"4.5\", patchlevel:\"37\")<0) {\n vuln = 1;\n}\nif(patchlevelcmp(rel:\"4.4\", patchlevel:\"47\")<0) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-24T12:50:19", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0914"], "description": "The remote host is missing an update to bind\nannounced via advisory DSA 409-1.", "modified": "2017-07-07T00:00:00", "published": "2008-01-17T00:00:00", "id": "OPENVAS:53108", "href": "http://plugins.openvas.org/nasl.php?oid=53108", "type": "openvas", "title": "Debian Security Advisory DSA 409-1 (bind)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_409_1.nasl 6616 2017-07-07 12:10:49Z 
cfischer $\n# Description: Auto-generated from advisory DSA 409-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability was discovered in BIND, a domain name server, whereby\na malicious name server could return authoritative negative responses\nwith a large TTL (time-to-live) value, thereby rendering a domain name\nunreachable. 
A successful attack would require that a vulnerable BIND\ninstance submit a query to a malicious nameserver.\n\nThe bind9 package is not affected by this vulnerability.\n\nFor the current stable distribution (woody) this problem has been\nfixed in version 1:8.3.3-2.0woody2.\n\nFor the unstable distribution (sid) this problem has been fixed in\nversion 1:8.4.3-1.\n\nWe recommend that you update your bind package.\";\ntag_summary = \"The remote host is missing an update to bind\nannounced via advisory DSA 409-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20409-1\";\n\nif(description)\n{\n script_id(53108);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 22:41:51 +0100 (Thu, 17 Jan 2008)\");\n script_bugtraq_id(9114);\n script_cve_id(\"CVE-2003-0914\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"Debian Security Advisory DSA 409-1 (bind)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"bind-doc\", ver:\"8.3.3-2.0woody2\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"bind\", ver:\"8.3.3-2.0woody2\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"bind-dev\", ver:\"8.3.3-2.0woody2\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "nessus": [{"lastseen": "2016-09-26T17:23:53", "edition": 1, "description": "The following package needs to be updated: bind", "published": "2004-07-06T00:00:00", "type": "nessus", "title": "FreeBSD : bind8 negative cache poison attack (17)", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0914"], "modified": "2004-07-06T00:00:00", "id": "FREEBSD_BIND8_NEG_POISON.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=12526", "sourceData": "# @DEPRECATED@\n#\n# This script has been deprecated by freebsd_pkg_f04cc5cb2d0b11d8beaf000a95c4d922.nasl.\n#\n# Disabled on 2011/10/02.\n#\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# This script contains information extracted from VuXML :\n#\n# Copyright 2003-2006 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' 
forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n#\n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n#\n#\n\ninclude('compat.inc');\n\nif ( description )\n{\n script_id(12526);\n script_version(\"$Revision: 1.11 $\");\n script_cve_id(\"CVE-2003-0914\");\n\n script_name(english:\"FreeBSD : bind8 negative cache poison attack (17)\");\n\nscript_set_attribute(attribute:'synopsis', value: 'The remote host is missing a security update');\nscript_set_attribute(attribute:'description', value:'The following package needs to be updated: bind');\nscript_set_attribute(attribute: 'cvss_vector', value: 
'CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P');\nscript_set_attribute(attribute:'solution', value: 'Update the package on the remote host');\nscript_set_attribute(attribute: 'see_also', value: 'http://b2evolution.net/news/2005/08/31/fix_for_xml_rpc_vulnerability_again_1\nhttp://cvs.horde.org/diff.php/imp/docs/CHANGES?r1=1.389.2.109&r2=1.389.2.111&ty=h\nhttp://downloads.phpgroupware.org/changelog\nhttp://drupal.org/files/sa-2005-004/advisory.txt\nhttp://phpadsnew.com/two/nucleus/index.php?itemid=45\nhttp://thread.gmane.org/gmane.comp.horde.imp/15488\nhttp://www.hardened-php.net/advisory_142005.66.html\nhttp://www.hardened-php.net/advisory_152005.67.html\nhttp://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey1.0.3\nhttp://www.mozilla.org/security/announce/2006/mfsa2006-09.html\nhttp://www.mozilla.org/security/announce/2006/mfsa2006-10.html\nhttp://www.mozilla.org/security/announce/2006/mfsa2006-11.html\nhttp://www.mozilla.org/security/announce/2006/mfsa2006-12.html\nhttp://www.mozilla.org/security/announce/2006/mfsa2006-13.html\nhttp://www.mozilla.org/security/announce/2006/mfsa2006-44.html\nhttp://www.mozilla.org/security/announce/2006/mfsa2006-45.html\nhttp://www.mozilla.org/security/announce/2006/mfsa2006-46.html\nhttp://www.mozilla.org/security/announce/2006/mfsa2006-47.html\nhttp://www.mozilla.org/security/announce/2006/mfsa2006-48.html');\nscript_set_attribute(attribute:'see_also', value: 'http://www.FreeBSD.org/ports/portaudit/f04cc5cb-2d0b-11d8-beaf-000a95c4d922.html');\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2004/07/06\");\n script_end_attributes();\n script_summary(english:\"Check for bind\");\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2010 Tenable Network Security, Inc.\");\n family[\"english\"] = \"FreeBSD Local Security Checks\";\n script_family(english:family[\"english\"]);\n script_dependencies(\"ssh_get_info.nasl\");\n 
script_require_keys(\"Host/FreeBSD/pkg_info\");\n exit(0);\n}\n\n# Deprecated.\nexit(0, \"This plugin has been deprecated. Refer to plugin #36224 (freebsd_pkg_f04cc5cb2d0b11d8beaf000a95c4d922.nasl) instead.\");\n\nglobal_var cvss_score;\ncvss_score=5;\ninclude('freebsd_package.inc');\n\n\npkg_test(pkg:\"bind>=8.3<8.3.7\");\n\npkg_test(pkg:\"bind>=8.4<8.4.3\");\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2021-01-17T14:14:43", "description": "The remote host is missing the patch for the advisory SuSE-SA:2003:047 (bind8).\n\n\nTo resolve IP addresses to host and domain names and vice versa the\nDNS service needs to be consulted. The most popular DNS software is\nthe BIND8 and BIND9 suite. The BIND8 code is vulnerable to a remote\ndenial-of-service attack by poisoning the cache with authoritative\nnegative responses that should not be accepted otherwise.\nTo execute this attack a name-server needs to be under malicious\ncontrol and the victim's bind8 has to query this name-server.\nThe attacker can set a high TTL value to keep his negative record as\nlong as possible in the cache of the victim. 
For this time the clients\nof the attacked site that rely on the bind8 service will not be able\nto reach the domain specified in the negative record.\nThese records should disappear after the time-interval (TTL) elapsed.\n\nThere is no temporary workaround for this bug.\n\nTo make this update effective run 'rcnamed restart' as root please.\n\nPlease download the update package for your distribution and verify its\nintegrity by the methods listed in section 3) of this announcement.\nThen, install the package using the command 'rpm -Fhv file.rpm' to apply\nthe update.", "edition": 24, "published": "2004-07-25T00:00:00", "title": "SuSE-SA:2003:047: bind8", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0914"], "modified": "2004-07-25T00:00:00", "cpe": [], "id": "SUSE_SA_2003_047.NASL", "href": "https://www.tenable.com/plugins/nessus/13815", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# This plugin text was extracted from SuSE Security Advisory SuSE-SA:2003:047\n#\n\n\nif ( ! defined_func(\"bn_random\") ) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif(description)\n{\n script_id(13815);\n script_version(\"1.14\");\n script_cve_id(\"CVE-2003-0914\");\n \n name[\"english\"] = \"SuSE-SA:2003:047: bind8\";\n \n script_name(english:name[\"english\"]);\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a vendor-supplied security patch\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is missing the patch for the advisory SuSE-SA:2003:047 (bind8).\n\n\nTo resolve IP addresses to host and domain names and vice versa the\nDNS service needs to be consulted. The most popular DNS software is\nthe BIND8 and BIND9 suite. 
The BIND8 code is vulnerable to a remote\ndenial-of-service attack by poisoning the cache with authoritative\nnegative responses that should not be accepted otherwise.\nTo execute this attack a name-server needs to be under malicious\ncontrol and the victim's bind8 has to query this name-server.\nThe attacker can set a high TTL value to keep his negative record as\nlong as possible in the cache of the victim. For this time the clients\nof the attacked site that rely on the bind8 service will not be able\nto reach the domain specified in the negative record.\nThese records should disappear after the time-interval (TTL) elapsed.\n\nThere is no temporary workaround for this bug.\n\nTo make this update effective run 'rcnamed restart' as root please.\n\nPlease download the update package for your distribution and verify its\nintegrity by the methods listed in section 3) of this announcement.\nThen, install the package using the command 'rpm -Fhv file.rpm' to apply\nthe update.\" );\n script_set_attribute(attribute:\"solution\", value:\n\"http://www.suse.de/security/2003_47_bind8.html\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n\n\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2004/07/25\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n script_end_attributes();\n\n \n summary[\"english\"] = \"Check for the version of the bind8 package\";\n script_summary(english:summary[\"english\"]);\n \n script_category(ACT_GATHER_INFO);\n \n script_copyright(english:\"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.\");\n family[\"english\"] = \"SuSE Local Security Checks\";\n script_family(english:family[\"english\"]);\n \n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/SuSE/rpm-list\");\n exit(0);\n}\n\ninclude(\"rpm.inc\");\nif ( rpm_check( reference:\"bind8-8.2.4-334\", release:\"SUSE7.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif 
( rpm_check( reference:\"bind8-8.2.4-334\", release:\"SUSE8.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"bind8-8.2.4-336\", release:\"SUSE8.1\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"bind8-8.3.4-64\", release:\"SUSE8.2\") )\n{\n security_warning(0);\n exit(0);\n}\nif (rpm_exists(rpm:\"bind8-\", release:\"SUSE7.3\")\n || rpm_exists(rpm:\"bind8-\", release:\"SUSE8.0\")\n || rpm_exists(rpm:\"bind8-\", release:\"SUSE8.1\")\n || rpm_exists(rpm:\"bind8-\", release:\"SUSE8.2\") )\n{\n set_kb_item(name:\"CVE-2003-0914\", value:TRUE);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-06T09:17:54", "description": "The remote host is missing AIX Critical Security Patch number IY49881\n(Anti-cache poisoning techniques to negative answers).\n\nYou should install this patch for your system to be up-to-date.", "edition": 24, "published": "2004-08-27T00:00:00", "title": "AIX 5.1 : IY49881", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0914"], "modified": "2004-08-27T00:00:00", "cpe": [], "id": "AIX_IY49881.NASL", "href": "https://www.tenable.com/plugins/nessus/14428", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n#\n\nif ( ! 
defined_func(\"bn_random\") ) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif(description)\n{\n script_id(14428);\n script_version(\"1.12\");\n script_cve_id(\"CVE-2003-0914\");\n name[\"english\"] = \"AIX 5.1 : IY49881\";\n \n script_name(english:name[\"english\"]);\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a vendor-supplied security patch\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is missing AIX Critical Security Patch number IY49881\n(Anti-cache poisoning techniques to negative answers).\n\nYou should install this patch for your system to be up-to-date.\" );\n script_set_attribute(attribute:\"solution\", value:\n\"http://www-912.ibm.com/eserver/support/fixes/\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2004/08/27\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n script_end_attributes();\n\n \n summary[\"english\"] = \"Check for patch IY49881\"; \n script_summary(english:summary[\"english\"]);\n \n script_category(ACT_GATHER_INFO);\n \n script_copyright(english:\"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.\");\n family[\"english\"] = \"AIX Local Security Checks\";\n script_family(english:family[\"english\"]);\n \n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/AIX/lslpp\");\n exit(0);\n}\n\n\n\ninclude(\"aix.inc\");\n\n if( aix_check_patch(release:\"5.1\", patch:\"IY49881\", package:\"bos.net.tcp.server.5.1.0.55\") < 0 ) \n security_warning();\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-06T09:51:30", "description": "A vulnerability was discovered in BIND, a domain name server, whereby\na malicious name server could return authoritative negative responses\nwith a large TTL (time-to-live) value, thereby 
rendering a domain name\nunreachable. A successful attack would require that a vulnerable BIND\ninstance submit a query to a malicious nameserver. \n\nThe bind9 package is not affected by this vulnerability.", "edition": 24, "published": "2004-09-29T00:00:00", "title": "Debian DSA-409-1 : bind - denial of service", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0914"], "modified": "2004-09-29T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:3.0", "p-cpe:/a:debian:debian_linux:bind"], "id": "DEBIAN_DSA-409.NASL", "href": "https://www.tenable.com/plugins/nessus/15246", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-409. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(15246);\n script_version(\"1.25\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2003-0914\");\n script_bugtraq_id(9114);\n script_xref(name:\"CERT\", value:\"734644\");\n script_xref(name:\"DSA\", value:\"409\");\n\n script_name(english:\"Debian DSA-409-1 : bind - denial of service\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability was discovered in BIND, a domain name server, whereby\na malicious name server could return authoritative negative responses\nwith a large TTL (time-to-live) value, thereby rendering a domain name\nunreachable. A successful attack would require that a vulnerable BIND\ninstance submit a query to a malicious nameserver. 
\n\nThe bind9 package is not affected by this vulnerability.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2004/dsa-409\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"For the current stable distribution (woody) this problem has been\nfixed in version 1:8.3.3-2.0woody2.\n\nWe recommend that you update your bind package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/01/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/09/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.0\", prefix:\"bind\", reference:\"8.3.3-2.0woody2\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"bind-dev\", 
reference:\"8.3.3-2.0woody2\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"bind-doc\", reference:\"8.3.3-2.0woody2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-07T10:51:23", "description": "A programming error in BIND 8 named can result in a DNS message being\nincorrectly cached as a negative response. As a result, an attacker\nmay arrange for malicious DNS messages to be delivered to a target\nname server, and cause that name server to cache a negative response\nfor some target domain name. The name server would thereafter respond\nnegatively to legitimate queries for that domain name, resulting in a\ndenial-of-service for applications that require DNS.", "edition": 25, "published": "2009-04-23T00:00:00", "title": "FreeBSD : bind8 negative cache poison attack (f04cc5cb-2d0b-11d8-beaf-000a95c4d922)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0914"], "modified": "2009-04-23T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:bind"], "id": "FREEBSD_PKG_F04CC5CB2D0B11D8BEAF000A95C4D922.NASL", "href": "https://www.tenable.com/plugins/nessus/36224", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. 
Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(36224);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2003-0914\");\n script_xref(name:\"CERT\", value:\"734644\");\n script_xref(name:\"FreeBSD\", value:\"SA-03:19.bind\");\n\n script_name(english:\"FreeBSD : bind8 negative cache poison attack (f04cc5cb-2d0b-11d8-beaf-000a95c4d922)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more 
security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A programming error in BIND 8 named can result in a DNS message being\nincorrectly cached as a negative response. As a result, an attacker\nmay arrange for malicious DNS messages to be delivered to a target\nname server, and cause that name server to cache a negative response\nfor some target domain name. The name server would thereafter respond\nnegatively to legitimate queries for that domain name, resulting in a\ndenial-of-service for applications that require DNS.\"\n );\n # https://vuxml.freebsd.org/freebsd/f04cc5cb-2d0b-11d8-beaf-000a95c4d922.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1b8c2050\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2003/11/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2003/12/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"bind>=8.3<8.3.7\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"bind>=8.4<8.4.3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-06T09:17:54", "description": "The remote host is missing AIX Critical Security Patch number IY49883\n(Anti-cache poison techniques to negative answers).\n\nYou should install this patch for your system to be up-to-date.", "edition": 24, "published": "2004-08-27T00:00:00", "title": "AIX 5.2 : IY49883", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0914"], "modified": "2004-08-27T00:00:00", "cpe": [], "id": "AIX_IY49883.NASL", "href": "https://www.tenable.com/plugins/nessus/14429", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n#\n\nif ( ! 
defined_func(\"bn_random\") ) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif(description)\n{\n script_id(14429);\n script_version(\"1.12\");\n script_cve_id(\"CVE-2003-0914\");\n name[\"english\"] = \"AIX 5.2 : IY49883\";\n \n script_name(english:name[\"english\"]);\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a vendor-supplied security patch\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is missing AIX Critical Security Patch number IY49883\n(Anti-cache poison techniques to negative answers).\n\nYou should install this patch for your system to be up-to-date.\" );\n script_set_attribute(attribute:\"solution\", value:\n\"http://www-912.ibm.com/eserver/support/fixes/\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2004/08/27\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n script_end_attributes();\n\n \n summary[\"english\"] = \"Check for patch IY49883\"; \n script_summary(english:summary[\"english\"]);\n \n script_category(ACT_GATHER_INFO);\n \n script_copyright(english:\"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.\");\n family[\"english\"] = \"AIX Local Security Checks\";\n script_family(english:family[\"english\"]);\n \n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/AIX/lslpp\");\n exit(0);\n}\n\n\n\ninclude(\"aix.inc\");\n\n if( aix_check_patch(release:\"5.2\", patch:\"IY49883\", package:\"bos.net.tcp.server.5.2.0.16\") < 0 ) \n security_warning();\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "freebsd": [{"lastseen": "2019-05-29T18:35:17", "bulletinFamily": "unix", "cvelist": ["CVE-2003-0914"], "description": "\nA programming error in BIND 8 named can result in a DNS\n\tmessage being incorrectly cached as a negative response. 
As\n\ta result, an attacker may arrange for malicious DNS messages\n\tto be delivered to a target name server, and cause that name\n\tserver to cache a negative response for some target domain\n\tname. The name server would thereafter respond negatively\n\tto legitimate queries for that domain name, resulting in a\n\tdenial-of-service for applications that require DNS.\n", "edition": 4, "modified": "2004-05-05T00:00:00", "published": "2003-11-28T00:00:00", "id": "F04CC5CB-2D0B-11D8-BEAF-000A95C4D922", "href": "https://vuxml.freebsd.org/freebsd/f04cc5cb-2d0b-11d8-beaf-000a95c4d922.html", "title": "bind8 negative cache poison attack", "type": "freebsd", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "debian": [{"lastseen": "2020-11-11T13:27:27", "bulletinFamily": "unix", "cvelist": ["CVE-2003-0914"], "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 409-1 security@debian.org\nhttp://www.debian.org/security/ Matt Zimmerman\nJanuary 5th, 2004 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : bind\nVulnerability : denial of service\nProblem-Type : remote\nDebian-specific: no\nCVE Ids : CAN-2003-0914\n\nA vulnerability was discovered in BIND, a domain name server, whereby\na malicious name server could return authoritative negative responses\nwith a large TTL (time-to-live) value, thereby rendering a domain name\nunreachable. A successful attack would require that a vulnerable BIND\ninstance submit a query to a malicious nameserver. 
\n\nThe bind9 package is not affected by this vulnerability.\n\nFor the current stable distribution (woody) this problem has been\nfixed in version 1:8.3.3-2.0woody2.\n\nFor the unstable distribution (sid) this problem has been fixed in\nversion 1:8.4.3-1.\n\nWe recommend that you update your bind package.\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\nDebian GNU/Linux 3.0 alias woody\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/b/bind/bind_8.3.3-2.0woody2.dsc\n Size/MD5 checksum: 639 ade872aa1e8b6bb0b55bd871207d8a36\n http://security.debian.org/pool/updates/main/b/bind/bind_8.3.3-2.0woody2.diff.gz\n Size/MD5 checksum: 31925 cdf79e7828e5de2a4cf8ee8e5062a627\n http://security.debian.org/pool/updates/main/b/bind/bind_8.3.3.orig.tar.gz\n Size/MD5 checksum: 2713120 847ba93d1ac71b94560c002c9f730100\n\n Architecture independent components:\n\n http://security.debian.org/pool/updates/main/b/bind/bind-doc_8.3.3-2.0woody2_all.deb\n Size/MD5 checksum: 1290814 37075f1a0c5a674d0dc81696f1043a57\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/b/bind/bind_8.3.3-2.0woody2_alpha.deb\n Size/MD5 checksum: 999312 ecfa16c08ff20b8d4bcdd6c77c32ed6b\n http://security.debian.org/pool/updates/main/b/bind/bind-dev_8.3.3-2.0woody2_alpha.deb\n Size/MD5 checksum: 509452 3c7d5b70a191c01417e3df9eb6b889a9\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/b/bind/bind_8.3.3-2.0woody2_arm.deb\n Size/MD5 checksum: 826590 696c53c2e7da00d72de0ddce3e9f0bf3\n 
http://security.debian.org/pool/updates/main/b/bind/bind-dev_8.3.3-2.0woody2_arm.deb\n Size/MD5 checksum: 427084 df67dbc243f6a88fe1b80e8774bcb366\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/b/bind/bind_8.3.3-2.0woody2_i386.deb\n Size/MD5 checksum: 793732 214489ee9312f15a4a86cc8fccec22a2\n http://security.debian.org/pool/updates/main/b/bind/bind-dev_8.3.3-2.0woody2_i386.deb\n Size/MD5 checksum: 381988 7a625ae2de5b673d9c3a834826f72526\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/b/bind/bind_8.3.3-2.0woody2_ia64.deb\n Size/MD5 checksum: 1285864 81bad842984112df3997702fa06173ec\n http://security.debian.org/pool/updates/main/b/bind/bind-dev_8.3.3-2.0woody2_ia64.deb\n Size/MD5 checksum: 575890 24d29d3e6f9dd9f67f1b35690ede36f5\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/b/bind/bind_8.3.3-2.0woody2_hppa.deb\n Size/MD5 checksum: 921460 1828a8f102cf3fe1953c960147fc2880\n http://security.debian.org/pool/updates/main/b/bind/bind-dev_8.3.3-2.0woody2_hppa.deb\n Size/MD5 checksum: 475208 166521ce1dbe1d65320b4ba22f7fe659\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/b/bind/bind_8.3.3-2.0woody2_m68k.deb\n Size/MD5 checksum: 720658 db9f23af2a807675f221c44c861d7019\n http://security.debian.org/pool/updates/main/b/bind/bind-dev_8.3.3-2.0woody2_m68k.deb\n Size/MD5 checksum: 362762 2c1981f62b69bb3bdf60dd955155514d\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/b/bind/bind_8.3.3-2.0woody2_mips.deb\n Size/MD5 checksum: 926968 63314aa98265e5641eb25a4a47c868d9\n http://security.debian.org/pool/updates/main/b/bind/bind-dev_8.3.3-2.0woody2_mips.deb\n Size/MD5 checksum: 469896 385520c21f7e8bc43a9b33fe3b19963f\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/b/bind/bind_8.3.3-2.0woody2_mipsel.deb\n Size/MD5 checksum: 934550 31bc0a5466e17746ca2b3cbf1795ad53\n 
http://security.debian.org/pool/updates/main/b/bind/bind-dev_8.3.3-2.0woody2_mipsel.deb\n Size/MD5 checksum: 470826 df4d17e787078e3fc15cae26062c8b1b\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/b/bind/bind_8.3.3-2.0woody2_powerpc.deb\n Size/MD5 checksum: 852052 90e213b330d86b796a2641f974e6b253\n http://security.debian.org/pool/updates/main/b/bind/bind-dev_8.3.3-2.0woody2_powerpc.deb\n Size/MD5 checksum: 451706 39ea99885a79166a6b0240610c592b87\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/b/bind/bind_8.3.3-2.0woody2_s390.deb\n Size/MD5 checksum: 796474 46b7bfab715c81ec87f8dd40e45b2a52\n http://security.debian.org/pool/updates/main/b/bind/bind-dev_8.3.3-2.0woody2_s390.deb\n Size/MD5 checksum: 386568 a2e71e8e0dd00e49e17298e92895963e\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/b/bind/bind_8.3.3-2.0woody2_sparc.deb\n Size/MD5 checksum: 839716 97affc72e8a8a3e3be4c6bbe5b791e6a\n http://security.debian.org/pool/updates/main/b/bind/bind-dev_8.3.3-2.0woody2_sparc.deb\n Size/MD5 checksum: 408802 99a619d3c9374dd861035f932acc959b\n\n These files will probably be moved into the stable distribution on\n its next revision.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 3, "modified": "2004-01-05T00:00:00", "published": "2004-01-05T00:00:00", "id": "DEBIAN:DSA-409-1:D4CA2", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2004/msg00004.html", "title": "[SECURITY] [DSA 409-1] New bind packages fix denial of service", "type": "debian", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "cert": [{"lastseen": 
"2020-09-18T20:43:58", "bulletinFamily": "info", "cvelist": ["CVE-2003-0459", "CVE-2003-0690", "CVE-2003-0692", "CVE-2003-0914"], "description": "### Overview \n\nThe BIND 8 name server contains a cache poisoning vulnerability that allows attackers to conduct denial-of-service attacks on specific target domains.\n\n### Description \n\nSeveral versions of the BIND 8 name server are vulnerable to cache poisoning via negative responses. To exploit this vulnerability, an attacker must configure a name server to return authoritative negative responses for a given target domain. Then, the attacker must convince a victim user to query the attacker's maliciously configured name server. When the attacker's name server receives the query, it will reply with an authoritative negative response containing a large TTL (time-to-live) value. If the victim's site runs a vulnerable version of BIND 8, it will cache the negative response and render the target domain unreachable until the TTL expires. \n \n--- \n \n### Impact \n\nAttackers may conduct denial-of-service attacks on specific target domains by enticing users to query a malicious name server. \n \n--- \n \n### Solution \n\n**Upgrade BIND**\n\nThe ISC has prepared BIND 8.3.7 and BIND 8.4.3 to address this vulnerability. Name servers running BIND 4 are not affected. To obtain the latest versions of BIND, please visit \n \n<http://www.isc.org/products/BIND/> \n \n**Apply a patch or updated version from your vendor** \n \nMany operating system vendors include BIND with their products and will be preparing new versions to address this vulnerability. For a list of vendors that the CERT/CC has received information from regarding this vulnerability, please see the Systems Affected section of this document. 
\n \n--- \n \n### Vendor Information\n\n734644\n\n### Apple Computer Inc. __ Affected\n\nNotified: October 21, 2003 Updated: December 11, 2003 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nMac OS X 10.3 and later: Not Vulnerable. Mac OS X 10.3 uses a later version of BIND that does not have this vulnerability. \n\n\nMac OS X 10.2.x: Recommend upgrading to Mac OS X 10.2.8, then installing BIND 8.4.3 as follows: \n \nFirst install the Developer Tools if they are not already present, then perform the following steps from the command-line in an application such as Terminal: \n \n1\\. Download BIND version 8.4.3 by executing the following command: \ncurl -O <ftp://ftp.isc.org/isc/bind/src/8.4.3/bind-src.tar.gz> \n \n2\\. Verify the integrity of this file by typing: \ncksum bind-src.tar.gz \nwhich should indicate \"3224691664 1438439 bind-src.tar.gz\" \n \n3\\. Unpack the distribution as follows: \ntar xvzf bind-src.tar.gz \n \n4\\. Now you're ready to start building the distribution. \ncd to the src/ directory and type \"make\" \n \n5\\. The next step will install the new named daemon: \nsudo cp bin/named/named /usr/sbin/ \n \n6\\. 
Reboot \n\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23734644 Feedback>).\n\n### FreeBSD __ Affected\n\nNotified: October 21, 2003 Updated: December 01, 2003 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nPlease see <ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:19.bind.asc>\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\n`-----BEGIN PGP SIGNED MESSAGE----- \nHash: SHA1 \n`\n\n`============================================================================= \nFreeBSD-SA-03:19.bind Security Advisory` \n`The FreeBSD Project \n` \n`Topic: bind8 negative cache poison attack \n` \n`Category: contrib \nModule: contrib_bind \nAnnounced: 2003-11-28 \nCredits: Internet Software Consortium \nAffects: FreeBSD versions through 4.9-RELEASE and 5.1-RELEASE` \n`4-STABLE prior to the correction date \nCorrected: 2003-11-28 22:13:47 UTC (RELENG_4, 4.9-STABLE)` \n`2003-11-27 00:54:53 UTC (RELENG_5_1, 5.1-RELEASE-p11) \n2003-11-27 16:54:01 UTC (RELENG_5_0, 5.0-RELEASE-p19) \n2003-11-27 00:56:06 UTC (RELENG_4_9, 4.9-RELEASE-p1) \n2003-11-27 16:34:22 UTC (RELENG_4_8, 4.8-RELEASE-p14) \n2003-11-27 16:35:06 UTC (RELENG_4_7, 4.7-RELEASE-p24) \n2003-11-27 16:37:00 UTC (RELENG_4_6, 4.6.2-RELEASE-p27) \n2003-11-27 16:38:36 UTC (RELENG_4_5, 4.5-RELEASE-p37) \n2003-11-27 16:40:03 UTC (RELENG_4_4, 4.4-RELEASE-p47)` \n`CVE Name: CAN-2003-0914 \nFreeBSD only: NO \n` \n`For general information regarding FreeBSD Security Advisories, \nincluding descriptions of the fields above, security branches, and the \nfollowing sections, please visit \n<URL:``<http://www.freebsd.org/security/>``>. \n` \n`I. 
Background \n` \n`BIND 8 is an implementation of the Domain Name System (DNS) protocols. \nThe named(8) daemon is the Internet domain name server. \n` \n`II. Problem Description \n` \n`A programming error in BIND 8 named can result in a DNS message being \nincorrectly cached as a negative response. \n` \n`III. Impact \n` \n`An attacker may arrange for malicious DNS messages to be delivered \nto a target name server, and cause that name server to cache a \nnegative response for some target domain name. The name server would \nthereafter respond negatively to legitimate queries for that domain \nname, resulting in a denial-of-service for applications that require \nDNS. Almost all Internet applications require DNS, such as the Web, \nemail, and chat networks. \n` \n`IV. Workaround \n` \n`No workaround is known. \n` \n`V. Solution \n` \n`Do one of the following: \n` \n`1) Upgrade your vulnerable system to 4.9-STABLE; or to the RELENG_5_1, \nRELENG_4_9, RELENG_4_8, or RELENG_4_7 security branch dated after the \ncorrection date. \n` \n`2) To patch your present system: \n` \n`a) Download the relevant patch from the location below, and verify the \ndetached PGP signature using your PGP utility. 
\n` \n`[FreeBSD 4.9 and -STABLE systems] \n# fetch ``<ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:19/bind-836.patch>`` \n# fetch ``<ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:19/bind-836.patch.asc>`` \n` \n`[FreeBSD 4.8 and 5.1 systems] \n# fetch ``<ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:19/bind-834.patch>`` \n# fetch ``<ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:19/bind-834.patch.asc>`` \n` \n`[FreeBSD 4.4, 4.5, 4.6, 4.7, and 5.0 systems] \n# fetch ``<ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:19/bind-833.patch>`` \n# fetch ``<ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:19/bind-833.patch.asc>`` \n` \n`b) Execute the following commands as root: \n` \n`# cd /usr/src \n# patch < /path/to/patch \n# cd /usr/src/lib/libbind \n# make obj && make depend && make \n# cd /usr/src/lib/libisc \n# make obj && make depend && make \n# cd /usr/src/usr.sbin/named \n# make obj && make depend && make && make install \n# cd /usr/src/libexec/named-xfer \n# make obj && make depend && make && make install \n` \n`After upgrading or patching your system, you must restart named. \nExecute the following command as root: \n` \n`# ndc restart \n` \n`VI. Correction details \n` \n`The following list contains the revision numbers of each file that was \ncorrected in FreeBSD. 
\n` \n`Branch Revision \nPath` \n`- ------------------------------------------------------------------------- \nRELENG_4` \n`src/contrib/bind/CHANGES 1.1.1.7.2.11 \nsrc/contrib/bind/README 1.1.1.7.2.9 \nsrc/contrib/bind/Version 1.1.1.3.2.10 \nsrc/contrib/bind/bin/named-xfer/named-xfer.c 1.3.2.8 \nsrc/contrib/bind/bin/named/Makefile 1.3.2.6 \nsrc/contrib/bind/bin/named/ns_init.c 1.1.1.2.2.6 \nsrc/contrib/bind/bin/named/ns_resp.c 1.1.1.2.2.11 \nsrc/contrib/bind/bin/nslookup/commands.l 1.4.2.5 \nsrc/contrib/bind/bin/nslookup/debug.c 1.3.2.6 \nsrc/contrib/bind/bin/nslookup/getinfo.c 1.3.2.9 \nsrc/contrib/bind/bin/nslookup/main.c 1.3.2.7 \nsrc/contrib/bind/doc/man/dig.1 1.3.2.4 \nsrc/contrib/bind/doc/man/host.1 1.3.2.5 \nsrc/contrib/bind/doc/man/nslookup.8 1.2.2.5 \nsrc/contrib/bind/port/freebsd/include/port_after.h 1.6.2.9 \nsrc/contrib/bind/port/freebsd/include/port_before.h 1.1.1.2.2.6` \n`RELENG_5_1 \nsrc/UPDATING 1.251.2.13 \nsrc/sys/conf/newvers.sh 1.50.2.13 \nsrc/contrib/bind/Version 1.1.1.11.2.1 \nsrc/contrib/bind/bin/named/ns_resp.c 1.1.1.11.2.1` \n`RELENG_5_0 \nsrc/UPDATING 1.229.2.25 \nsrc/sys/conf/newvers.sh 1.48.2.20 \nsrc/contrib/bind/Version 1.1.1.10.2.1 \nsrc/contrib/bind/bin/named/ns_resp.c 1.1.1.10.2.1` \n`RELENG_4_9 \nsrc/UPDATING 1.73.2.89.2.2 \nsrc/sys/conf/newvers.sh 1.44.2.32.2.2 \nsrc/contrib/bind/Version 1.1.1.3.2.9.2.1 \nsrc/contrib/bind/bin/named/ns_resp.c 1.1.1.2.2.10.2.1` \n`RELENG_4_8 \nsrc/UPDATING 1.73.2.80.2.16 \nsrc/sys/conf/newvers.sh 1.44.2.29.2.15 \nsrc/contrib/bind/Version 1.1.1.3.2.8.2.1 \nsrc/contrib/bind/bin/named/ns_resp.c 1.1.1.2.2.9.2.1` \n`RELENG_4_7 \nsrc/UPDATING 1.73.2.74.2.27 \nsrc/sys/conf/newvers.sh 1.44.2.26.2.26 \nsrc/contrib/bind/Version 1.1.1.3.2.7.2.1 \nsrc/contrib/bind/bin/named/ns_resp.c 1.1.1.2.2.7.2.2` \n`RELENG_4_6 \nsrc/UPDATING 1.73.2.68.2.56 \nsrc/sys/conf/newvers.sh 1.44.2.23.2.44 \nsrc/contrib/bind/Version 1.1.1.3.2.6.2.2 \nsrc/contrib/bind/bin/named/ns_resp.c 1.1.1.2.2.6.2.3` \n`RELENG_4_5 \nsrc/UPDATING 
1.73.2.50.2.54 \nsrc/sys/conf/newvers.sh 1.44.2.20.2.38 \nsrc/contrib/bind/Version 1.1.1.3.2.4.4.2 \nsrc/contrib/bind/bin/named/ns_resp.c 1.1.1.2.2.4.4.3` \n`RELENG_4_4 \nsrc/UPDATING 1.73.2.43.2.55 \nsrc/sys/conf/newvers.sh 1.44.2.17.2.46 \nsrc/contrib/bind/Version 1.1.1.3.2.4.2.2 \nsrc/contrib/bind/bin/named/ns_resp.c 1.1.1.2.2.4.2.3` \n`- ------------------------------------------------------------------------- \n` \n`VII. References \n` \n`<URL:``<http://www.kb.cert.org/vuls/id/734644>``> \n-----BEGIN PGP SIGNATURE----- \nVersion: GnuPG v1.2.3 (FreeBSD) \n` \n`iD8DBQE/x8/PFdaIBMps37IRAsl8AJ9zgqn4QmO08d9zj9de8/uGKIQBNgCfeHKC \ntM9nSOzoCrM+O+TpNn6ewt4= \n=PJi2 \n-----END PGP SIGNATURE-----`\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23734644 Feedback>).\n\n### Guardian Digital Inc. __ Affected\n\nNotified: October 21, 2003 Updated: December 02, 2003 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\n`-----BEGIN PGP SIGNED MESSAGE----- \nHash: SHA1 \n`\n\n`+------------------------------------------------------------------------+ \n| Guardian Digital Security Advisory November 26, 2003 | \n| ``<http://www.guardiandigital.com>`` ESA-20031126-031 | \n| | \n| Packages: bind-chroot, bind-chroot-utils | \n| Summary: cache poisoning vulnerability. | \n+------------------------------------------------------------------------+ \n` \n`EnGarde Secure Linux is an enterprise class Linux platform engineered \nto enable corporations to quickly and cost-effectively build a complete \nand secure Internet presence while preventing Internet threats.` \n \n`OVERVIEW \n- --------` \n`A cache poisoning vulnerability exists in the version of BIND shipped \nwith all versions of EnGarde Secure Linux. 
Successful exploitation of \nthis vulnerability may result in a temporary denial of service until \nthe bad record expires from the cache.` \n \n`The Common Vulnerabilities and Exposures project (cve.mitre.org) has \nassigned the name CAN-2003-0914 to this issue.` \n \n`Guardian Digital products affected by this issue include: \n` \n`EnGarde Secure Community v1.0.1 \nEnGarde Secure Community 2 \nEnGarde Secure Professional v1.1 \nEnGarde Secure Professional v1.2 \nEnGarde Secure Professional v1.5` \n \n`It is recommended that all users apply this update as soon as possible. \n` \n`SOLUTION \n- --------` \n`Guardian Digital Secure Network subscribers may automatically update \naffected systems by accessing their account from within the Guardian \nDigital WebTool.` \n \n`To modify your GDSN account and contact preferences, please go to: \n` \n`<https://www.guardiandigital.com/account/>`` \n` \n`Below are MD5 sums for the updated EnGarde Secure Linux 1.0.1 packages: \n` \n`SRPMS/bind-chroot-8.2.6-1.0.30.src.rpm \nMD5 Sum: 6127e55aaeffe9c92dcf793df910ee75` \n \n`i386/bind-chroot-8.2.6-1.0.30.i386.rpm \nMD5 Sum: b631c88d82dc4883df2271204d50abc3` \n \n`i386/bind-chroot-utils-8.2.6-1.0.30.i386.rpm \nMD5 Sum: eaac0812f751998c7f5ad66f7ba9d9d4` \n \n`i686/bind-chroot-8.2.6-1.0.30.i686.rpm \nMD5 Sum: 4b5ced2b8f72d9df3a340833ef0a60c0` \n \n`i686/bind-chroot-utils-8.2.6-1.0.30.i686.rpm \nMD5 Sum: 21f203bb6fad4a5474b179337c395442` \n \n`REFERENCES \n- ----------` \n`Guardian Digital's public key: \n``<http://ftp.engardelinux.org/pub/engarde/ENGARDE-GPG-KEY>` \n \n`BIND's Official Web Site: \n``<http://www.isc.org/products/BIND/>` \n \n`Guardian Digital Advisories: \n``<http://infocenter.guardiandigital.com/advisories/>` \n \n`Security Contact: security@guardiandigital.com \n` \n`- -------------------------------------------------------------------------- \nAuthor: Ryan W. Maple <ryan@guardiandigital.com> \nCopyright 2003, Guardian Digital, Inc. 
\n` \n`-----BEGIN PGP SIGNATURE----- \nVersion: GnuPG v1.2.2 (GNU/Linux) \n` \n`iD8DBQE/xTVoHD5cqd57fu0RAvc0AJ9kvIUaS+VjjFaI1Stwj/I1u4IX1ACfSe9P \nNkyQtP2aIVcE0Ztt4ZV0uuU= \n=2G9V \n-----END PGP SIGNATURE-----`\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23734644 Feedback>).\n\n### Hewlett-Packard Company __ Affected\n\nNotified: October 21, 2003 Updated: December 03, 2003 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\n`Document ID: HPSBUX0311-303 \nDate Loaded: 20031130`\n\n`Title: SSRT3653 Bind 8.1.2 \n` \n`-----BEGIN PGP SIGNED MESSAGE----- \nHash: SHA1 \n` \n`----------------------------------------------------------------- \nSource: HEWLETT-PACKARD COMPANY \nSECURITY BULLETIN: HPSBUX0311-303 \nOriginally issued: 30 November 2003 \nSSRT3653 Bind 8.1.2 \n-----------------------------------------------------------------` \n \n`NOTICE: There are no restrictions for distribution of this \nBulletin provided that it remains complete and intact. \n` \n`The information in the following Security Bulletin should be \nacted upon as soon as possible. Hewlett-Packard Company will \nnot be liable for any consequences to any customer resulting \nfrom customer's failure to fully implement instructions in this \nSecurity Bulletin as soon as possible. \n` \n`----------------------------------------------------------------- \n` \n`PROBLEM: Potential security vulnerability in Bind 8.1.2. \n` \n`PLATFORM: HP-UX B.11.00 and B.11.11. \n` \n`IMPACT: Potential remotely exploitable denial of service. \n` \n`SOLUTION: Until a product upgrade is available, download and \ninstall appropriate preliminary updates or upgrade \nto Bind 9.2.0.` \n \n`B.11.11 - Install the preliminary depot: \nSSRT3653UX.depot.` \n`B.11.00 - A Bind 8.1.2 upgrade is available from \nthe ftp site listed below.` \n \n`The issue can be avoided by upgrading to \nBind 9.2.0 which is available now. 
The security \nbulletin HPSBUX0208-209 has details about required \nrevisions of Bind 9.2.0 for B.11.00 and B.11.11.` \n \n`MANUAL ACTIONS: Yes - NonUpdate \nB.11.11 - Install SSRT3653UX.depot.` \n`or upgrade to Bind 9.2.0. \nB.11.00 - Upgrade to Bind 9.2.0 or` \n`install BIND812v005.depot. \n` \n`AVAILABILITY: This bulletin will be revised when a patch \nis available for B.11.11.` \n \n`----------------------------------------------------------------- \nA. Background` \n`The potential for a remotely exploitable denial of service \nexists in Bind 8.1.2.` \n \n`AFFECTED VERSIONS \n` \n`The following is a list by HP-UX revision of \naffected filesets and the fileset revision or \npatch containing the fix. To determine if a \nsystem has an affected version, search the \noutput of \"swlist -a revision -l fileset\" \nfor an affected fileset, then determine if \na fixed revision or the applicable patch is \ninstalled.` \n \n`HP-UX B.11.11 \n============= \nInternetSrvcs.INETSVCS-RUN \nfix: install SSRT3653UX.depot or` \n`upgrade to Bind 9.2.0. \n` \n`HP-UX B.11.00 \n============= \nBINDv812.INETSVCS-BIND \nfix: upgrade to BIND-812 revision B.11.00.01.005 or` \n`upgrade to Bind 9.2.0. \n` \n`END AFFECTED VERSIONS \n` \n`B. Recommended solution \n` \n`Note: \nThe issue can be avoided by upgrading to \nBind 9.2.0 which is available now. The security \nbulletin HPSBUX0208-209 has details about required \nrevisions of Bind 9.2.0 for B.11.00 and B.11.11.` \n \n`HP-UX B.11.00 Bind 8.1.2 \n======================== \nBIND812 for B.11.00 has been discontinued. It will \nbecome obsolete by the end of March, 2004. A new \nversion of BIND812 for B.11.00 has been created to \naddress the issue of this bulletin. However, it is \nrecommended that customers upgrade to Bind 9.2.0 now. 
\nMore details can be found here:` \n \n`<<http://software.hp.com/portal/swdepot/> \ndisplayProductInfo.do?productNumber=BIND812>` \n \n`The new version of BIND812 for B.11.00 is available from \nthe ftp site listed below. Since BIND812 for B.11.00 has \nbeen discontinued, this version will not be available \nfrom software.hp.com.` \n \n`HP-UX B.11.11 Bind 8.1.2 \n========================` \n \n`Until a patch is available a temporary depot has been created \nto install a version of /usr/sbin/named which addresses the \nissue. The depot is available from the ftp site listed \nbelow. The depot will not install the new named file unless \nPHNE_28450 has been installed first. PHNE_28450 is available \nfrom <<http://itrc.hp.com>>.` \n \n`========================================================= \n` \n`For B.11.00 download BIND812v005.depot from the \nfollowing ftp site.` \n \n`For B.11.11 download SSRT3653UX.depot from the \nfollowing ftp site.` \n \n`System: hprc.external.hp.com (192.170.19.51) \nLogin: bind812 \nPassword: bind812` \n \n`FTP Access: <ftp://bind:bind1@hprc.external.hp.com/> \nor: <ftp://bind:bind1@192.170.19.51/>` \n`For B.11.11 - file: SSRT3653UX.depot \nFor B.11.00 - file: BIND812v005.depot` \n \n`Note: There is an ftp defect in IE5 that may result in \na browser hang. To work around this:` \n`- Select Tools -> Internet Options -> Advanced \n- Un-check the option:` \n`[ ] Enable folder view for FTP sites \n` \n`If you wish to verify the md5 sum please refer to: \n` \n`HPSBUX9408-016 \nPatch sums and the MD5 program` \n \n`For B11.00 - BIND812v005.depot \ncksum: 1413515727 1239040 BIND812v005.depot \nMD5 (BIND812v005.depot) = 333920fa1b74820bee15f2287bacc3c2` \n \n`For B.11.11 - SSRT3653UX.depot \ncksum: 509054485 389120 SSRT3653UX.depot \nMD5 (SSRT3653UX.depot) = ee96c169ec3712d5907b7fe983d108dc` \n \n`For B.11.00 - Install BIND812v005.depot using swinstall. 
\n` \n`For B.11.11 - Install SSRT3653UX.depot using swinstall \nafter PHNE_28450 has been installed.` \n \n`Further information is available in the readme file: \ncd <directory containing SSRT3653UX.depot> \nswlist -d -l product -a readme @ $PWD/SSRT3653UX.depot` \n \n \n`- ------------------------------------------------------------------ \n` \n`C. To subscribe to automatically receive future NEW HP Security \nBulletins from the HP IT Resource Center via electronic \nmail, do the following:` \n \n`Use your browser to get to the HP IT Resource Center page \nat:` \n \n`<http://itrc.hp.com> \n` \n`Use the 'Login' tab at the left side of the screen to login \nusing your ID and password. Use your existing login or the \n\"Register\" button at the left to create a login, in order to \ngain access to many areas of the ITRC. Remember to save the \nUser ID assigned to you, and your password.` \n \n`In the left most frame select \"Maintenance and Support\". \n` \n`Under the \"Notifications\" section (near the bottom of \nthe page), select \"Support Information Digests\".` \n \n`To -subscribe- to future HP Security Bulletins or other \nTechnical Digests, click the check box (in the left column) \nfor the appropriate digest and then click the \"Update \nSubscriptions\" button at the bottom of the page.` \n \n`or \n` \n`To -review- bulletins already released, select the link \n(in the middle column) for the appropriate digest.` \n \n`To -gain access- to the Security Patch Matrix, select \nthe link for \"The Security Bulletins Archive\". (near the \nbottom of the page) Once in the archive the third link is \nto the current Security Patch Matrix. Updated daily, this \nmatrix categorizes security patches by platform/OS release, \nand by bulletin topic. 
Security Patch Check completely \nautomates the process of reviewing the patch matrix for \n11.XX systems.` \n \n`For information on the Security Patch Check tool, see: \n<http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/> \ndisplayProductInfo.pl?productNumber=B6834AA` \n \n`The security patch matrix is also available via anonymous \nftp:` \n \n`<ftp://ftp.itrc.hp.com/export/patches/hp-ux_patch_matrix/> \n` \n`On the \"Support Information Digest Main\" page: \nclick on the \"HP Security Bulletin Archive\".` \n \n`D. To report new security vulnerabilities, send email to \n` \n`security-alert@hp.com \n` \n`Please encrypt any exploit information using the \nsecurity-alert PGP key, available from your local key \nserver, or by sending a message with a -subject- (not body) \nof 'get key' (no quotes) to security-alert@hp.com.` \n \n`---------------------------------------------------------------- \n` \n`(c) Copyright 2003 Hewlett-Packard Company \nHewlett-Packard Company shall not be liable for technical or \neditorial errors or omissions contained herein. The information \nin this document is subject to change without notice. \nHewlett-Packard Company and the names of HP products referenced \nherein are trademarks and/or service marks of Hewlett-Packard \nCompany. Other product and company names mentioned herein may be \ntrademarks and/or service marks of their respective owners. 
\n` \n`________________________________________________________________ \n` \n`-----BEGIN PGP SIGNATURE----- \nVersion: PGP 8.0.2 \n` \n`iQA/AwUBP8oPruAfOvwtKn1ZEQJTlwCg2y1qe8rZiKbUPHuCPkFbIIhVaPkAnja2 \n/Nbi2zNFnmk0FQ0mtBxKx48U \n=L5yo \n-----END PGP SIGNATURE----- \n-----End of Document ID: HPSBUX0311-303--------------------------------------`\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23734644 Feedback>).\n\n### IBM __ Affected\n\nNotified: October 21, 2003 Updated: December 03, 2003 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nThe AIX operating system is vulnerable to the BIND8 cache poisoning attack in releases 4.3.3, 5.1.0 and 5.2.0. The APARs for this fix and their availability are listed below. \n\n\nAPAR number for AIX 4.3.3: IY49899 (available 2/25/2004) \nAPAR number for AIX 5.1.0: IY49881 (available) \nAPAR number for AIX 5.2.0: IY49883 (available 12/24/2003) \n \nThese APARs can be downloaded by following the link for IBM's Fix Central at: \n\n\n<http://www-1.ibm.com/servers/eserver/support/eseries/fixes> \nEfix packages for 4.3.3 and 5.2.0 will be available by 12/02/2004 at: \n\n\n<ftp://aix.software.ibm.com/aix/efixes/security/dns_poison_efix.tar.Z>\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nIBM has published APAR IY49881 regarding this vulnerability. 
For more information, please see:\n\n### Immunix __ Affected\n\nUpdated: December 01, 2003 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\n`[Outlook and Notes users -- please ask your system administrators to \nassist you in creating out-of-office-autoreplies that respect public \nmail lists; perhaps, creating such a reply that works only within the \norganization or business partners.] \n`\n\n`[Virus scanner administrators -- sending virus warnings to a From: or \nFrom_ header is a waste of time. Please configure your scanners to drop \nmail in the SMTP protocol, and not bounce the email after the fact. \nThanks.] \n` \n`----------------------------------------------------------------------- \nImmunix Secured OS Security Advisory` \n \n`Packages updated:bind \nAffected products:Immunix OS 7+ \nBugs fixed:VU#734644 CAN-2003-0914 \nDate:Mon Oct 27 2003 \nAdvisory ID:IMNX-2003-7+-024-01 \nAuthor:Seth Arnold <sarnold@immunix.com> \n----------------------------------------------------------------------- \n` \n`Description: \nA vulnerability has been found in BIND that \".. allows an attacker to \nconduct cache poisoning attacks on vulnerable name servers by \nconvincing the servers to retain invalid negative responses.\"` \n \n`Our bind-8.2.3-3.3_imnx_5 packages fix this problem using a patch \nderived from the BIND 8.3.7 release. This vulnerability has been named \nCAN-2003-0914 by the CVE project.` \n \n`We'd like to apologize to our US subscribers for the incredibly poor \ntiming, to release this notice a day before the Thanksgiving holiday. 
\nOur options were limited by ISC, the package maintainer.` \n \n`References: ``<http://www.kb.cert.org/vuls/id/734644>`` \n``<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0914>` \n \n`Package names and locations: \nPrecompiled binary packages for Immunix 7+ are available at: \n``<http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/bind-8.2.3-3.3_imnx_5.i386.rpm>`` \n``<http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/bind-devel-8.2.3-3.3_imnx_5.i386.rpm>`` \n``<http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/bind-utils-8.2.3-3.3_imnx_5.i386.rpm>` \n \n`A source package for Immunix 7+ is available at: \n``<http://download.immunix.org/ImmunixOS/7+/Updates/SRPMS/bind-8.2.3-3.3_imnx_5.src.rpm>` \n \n`Immunix OS 7+ md5sums: \n8a5874f96e1c76b11c214ab16e1183f4 RPMS/bind-8.2.3-3.3_imnx_5.i386.rpm \n83535ea7a69ab222ccf5c8664bfd66b9 RPMS/bind-devel-8.2.3-3.3_imnx_5.i386.rpm \n7669fedc653731bf54cc0dd48b258a8f RPMS/bind-utils-8.2.3-3.3_imnx_5.i386.rpm \n445c908f0c4daffe0a153bc7e5514a85 SRPMS/bind-8.2.3-3.3_imnx_5.src.rpm` \n \n \n`GPG verification: \nOur public keys are available at ``<http://download.immunix.org/GPG_KEY>`` \nImmunix, Inc., has changed policy with GPG keys. We maintain several \nkeys now: C53B2B53 for Immunix 7+ package signing, D3BA6C17 for \nImmunix 7.3 package signing, and 1B7456DA for general security issues.` \n \n \n`NOTE: \nIbiblio is graciously mirroring our updates, so if the links above are \nslow, please try:` \n`<ftp://ftp.ibiblio.org/pub/Linux/distributions/immunix/>`` \nor one of the many mirrors available at:` \n`<http://www.ibiblio.org/pub/Linux/MIRRORS.html>`` \n` \n`ImmunixOS 6.2 is no longer officially supported. \nImmunixOS 7.0 is no longer officially supported.` \n \n`Contact information: \nTo report vulnerabilities, please contact security@immunix.com. 
\nImmunix attempts to conform to the RFP vulnerability disclosure protocol` \n`<http://www.wiretrip.net/rfp/policy.html>``.`\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23734644 Feedback>).\n\n### Internet Software Consortium __ Affected\n\nNotified: September 04, 2003 Updated: December 01, 2003 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\n` Internet Software Consortium Security Advisory. \nNegative Cache Poison Attack`\n\n` 4 September 2003 \n` \n` Versions affected: \nBIND 8 prior to 8.3.7 \nBIND 8.4.3 Release (8.4.3-REL) \n` \n`BIND 8.4.3 is a maintenance release of BIND 8.4. It includes the BIND 8.4.2 \nrelease which includes a security fix (also released as BIND 8.3.7). \n` \n`Highlights. \nMaintenance Release.` \n \n`Highlights (8.4.2) \nSecurity Fix: Negative Cache Poison Fix.` \n \n`the distribution files are: \n` \n`<ftp://ftp.isc.org/isc/bind/src/8.4.3/bind-src.tar.gz> \n<Ftp://ftp.isc.org/isc/bind/src/8.4.3/bind-doc.tar.gz> \n<ftp://ftp.isc.org/isc/bind/src/8.4.3/bind-contrib.tar.gz> \n` \n`the pgp signature files are: \n` \n`<ftp://ftp.isc.org/isc/bind/src/8.4.3/bind-src.tar.gz.asc> \n<ftp://ftp.isc.org/isc/bind/src/8.4.3/bind-doc.tar.gz.asc> \n<ftp://ftp.isc.org/isc/bind/src/8.4.3/bind-contrib.tar.gz.asc> \n` \n`the md5 checksums are: \n` \n \n`MD5 (bind-contrib.tar.gz) = 454f8e3caf1610941a656fcc17e1ecec \nMD5 (bind-contrib.tar.gz.asc) = f8f0a5b8985a8180e5bd02207f319980 \nMD5 (bind-doc.tar.gz) = fcfdaaa2fc7d6485b0e3d08299948bd3 \nMD5 (bind-doc.tar.gz.asc) = fc0671468c2e3a1e5ff817b69da21a6b \nMD5 (bind-src.tar.gz) = e78610fc1663cfe8c2db6a2d132d902b \nMD5 (bind-src.tar.gz.asc) = 40453b40819fd940ad4bfabd26425619 \n` \n`Windows NT / Windows 2000 binary distribution. 
\n` \n`<ftp://ftp.isc.org/isc/bind/contrib/ntbind-8.4.3/readme1st.txt> \n<ftp://ftp.isc.org/isc/bind/contrib/ntbind-8.4.3/BIND8.4.3.zip> \n<ftp://ftp.isc.org/isc/bind/contrib/ntbind-8.4.3/BIND8.4.3.zip.asc> \n` \n`<ftp://ftp.isc.org/isc/bind/contrib/ntbind-8.4.3/readme1sttools.txt> \n<ftp://ftp.isc.org/isc/bind/contrib/ntbind-8.4.3/BIND8.4.3Tools.zip> \n<ftp://ftp.isc.org/isc/bind/contrib/ntbind-8.4.3/BIND8.4.3Tools.zip.asc> \n` \n`the md5 checksums are: \n` \n`MD5 (readme1st.txt) = ac4ce260f151dc1ab393c145f4288bba \nMD5 (BIND8.4.3.zip) = 7c3e333f90edbe3820952a62ff6ffdf3 \nMD5 (BIND8.4.3.zip.asc) = f2190cc390ce584c0cc624835bdcc8eb \n` \n`MD5 (readme1sttools.txt) = eef4c5782be1a1faac3ca0c756eaef05 \nMD5 (BIND8.4.3Tools.zip) = 8cb29c092394dfa430ef9ea47b6a02ea \nMD5 (BIND8.4.3Tools.zip.asc) = a77b2adb1f23db780f45efee32a92882 \n` \n`top of CHANGES says: \n` \n`--- 8.4.3 released --- (Mon Nov 24 17:27:52 PST 2003) \n` \n`1617.[cleanup]don't pre-fetch missing additional address records if \nwe have one of A/AAAA.` \n \n`1616.[func]turn on \"preferred-glue A;\" (if not specified in \nnamed.conf) if the answer space is a standard UDP \nmessage size or smaller.` \n \n`1615.[func]when query logging log whether TSIG (T) and/or EDNS (E) \nwas used to make the query.` \n \n`1614.[cleanup]on dual (IPv4+IPv6) stack servers delay the lookup of \nmissing glue if we have glue for one family.` \n \n`1613.[cleanup]notify: don't lookup A/AAAA records for nameservers \nif we don't support the address at the transport level.` \n \n`1612.[func]named now takes arguements -4 and -6 to limit the \nIP transport used for making queries.` \n \n`1611.[debug]better packet tracing in debug output (+ some lint). \n` \n`1610.[bug]don't explictly declare errno use <errno.h>. \n` \n`1609.[bug]drop_port() was being called with ports in network \norder rather than host order.` \n \n`1608.[port]sun: force alignment of answer in dig.c. 
\n` \n`1607.[bug]do not attempt to prime cache when recursion and \nfetch-glue are disabled.` \n \n`1606.[bug]sysquery duplicate detection was broken when \nusing forwarders.` \n \n`1605.[port]sun: force alignment of newmsg in ns_resp.c. \n` \n`1604.[bug]heap_delete() sometimes violated the heap invariant, \ncausing timer events not to be posted when due.` \n \n`1603.[port]ds_remove_gen() mishandled removal IPv6 interfaces. \n` \n`1602.[port]linux: work around a non-standard __P macro. \n` \n`1601.[bug]dig could report the wrong server address on transfers. \n` \n`1600.[bug]debug_freestr() prototype mismatch. \n` \n`1599.[bug]res_nsearch() save statp->res_h_errno instead of \nh_errno.` \n \n`1598.[bug]dprint_ip_match_list() fails to print the mask \ncorrectly.` \n \n`1597.[bug]use the actual presentation length of the IP address \nto determine if sprintf() is safe in write_tsig_info().` \n \n`--- 8.4.2 released --- (Thu Sep 4 06:58:22 PDT 2003) \n` \n`1596.[port]winnt: set USELOOPBACK in port_after.h \n` \n`1595.[bug]dig: strcat used instead of strcpy. \n` \n`1594.[bug]if only a single nameserver was listed in resolv.conf \nIPv6 default server was also being used.` \n \n`1593.[port]irix: update port/irix/irix_patch. \n` \n`1592.[port]irix: provide a sysctl() based getifaddrs() \nimplementation.` \n \n`1591.[port]irix: sa_len is a macro. \n` \n`1590.[port]irix: doesn't have msg_control (NO_MSG_CONTROL) \n` \n`1589.[port]linux: uninitalised variable. \n` \n`1588.[port]solaris: provide ALIGN. \n` \n`1587.[port]NGR_R_END_RESULT was not correct for some ports. \n` \n`1586.[port]winnt: revert to old socket behaviour for UDP \nsockets (Windows 2000 SP2 and later).` \n \n`1585.[port]solaris: named-xfer needs <fcntl.h>. \n` \n`1584.[port]bsdos: explictly include <netinet6/in6.h> for \n4.0 and 4.1.` \n \n`1583.[bug]add -X to named-xfer usage message. \n` \n`1582.[bug]ns_ownercontext() failed to set the correct owner \ncontext for AAAA records. 
ns_ptrcontext() failed \nto return the correct context for IP6.ARPA.` \n \n`1581.[bug]apply anti-cache poison techniques to negative \nanswers.` \n \n`1580.[bug]inet_net_pton() didn't fully handle implicit \nmulticast IPv4 network addresses.` \n \n`1579.[bug]ifa_addr can be NULL. \n` \n`1578.[bug]named-xfer: wrong arguement passed to getnameinfo(). \n` \n`1577. [func] return referrals for glue (NS/A/AAAA) if recursion \nis not desired (hp->rd = 0).` \n \n`1576.[bug]res_nsendsigned() incorrectly printed the truncated \nUDP response when RES_IGNTC was not set.` \n \n`1575.[bug]tcp_send() passed the wrong length to evConnect(). \n` \n`1574.[bug]res_nsendsigned() failed to handle truncation \ncleanly.` \n \n`1573.[bug]tsig_size was not being copied by ns_forw(). \n` \n`1572.[port]bsdos: missing #include <ifaddrs.h>. \n` \n`1571.[bug]AA was sometimes incorrectly set. \n` \n`1570.[port]decunix: change #1544 broke OSF1 3.2C. \n` \n`1569.[bug]remove extraneous closes. \n` \n`1568.[cleanup]reduce the memory footprint for large numbers of \nzones.` \n \n`1567.[port]winnt: install MSVC70.DLL and MFC70.DLL. \n` \n`1566.[bug]named failed to locate keys declared in masters \nclause.` \n \n`1565.[bug]named-xfer was failing to use TSIG. \n` \n`1564.[port]linux: allow static linkage to work. \n` \n`1563.[bug]ndc getargs_closure failed to NUL terminate strings. \n` \n`1562.[bug]handle non-responsive servers better. \n` \n`1561.[bug]rtt estimates were not being updated for IPv6 \naddresses.` \n \n`1560.[port]linux: add runtime support to handle old kernels \nthat don't know about msg_control.` \n \n`1559.[port]named, named-xfer: ensure that stdin, stdout and \nstderr are open.` \n \n`--- 8.4.1-P1 released --- (Sun Jun 15 17:35:10 PDT 2003) \n` \n`1558.[port]sunos4 doesn't have msg_control (NO_MSG_CONTROL). \n` \n`1557.[port]linux: socket returns EINVAL for unsupported family. \n` \n`1556.[bug]reference through NULL pointer. 
\n` \n`1555.[bug]sortlist wasn't being applied to AAAA queries. \n` \n`1554.[bug]IPv4 access list elements of the form number/number \n(e.g. 127/8) were not correctly defined.` \n \n`1553.[bug]getifaddrs*() failed to set ifa_dstaddr for point \nto point links (overwrote ifa_addr).` \n \n`1552.[bug]buffer overruns in getifaddrs*() if the server has \npoint to point links.` \n \n`1551.[port]freebsd: USE_IFNAMELINKIDS should be conditionally \ndefined.` \n \n`1550.[port]TruCluster support didn't build. \n` \n`1549.[port]Solaris 9 has /dev/random. \n` \n`--- 8.4.1-REL released --- (Sun Jun 8 15:11:32 PDT 2003) \n` \n`1548.[port]winnt: make recv visible from libbind. \n` \n`1547.[port]cope with spurious EINVAL from evRead. \n` \n`1546.[cleanup]dig now reports version 8.4. \n` \n`1545.[bug]getifaddrs_sun6 was broken. \n` \n`1544.[port]hpux 10.20 has a broken recvfrom(). Revert to recv() \nin named-xfer and work around deprecated recv() in \nOSF.` \n \n`1543.[bug]named failed to send notifies to servers that live \nin zones it was authoritative for.` \n \n`1542.[bug]set IPV6_USE_MIN_MTU on IPv6 sockets if the kernel \nsupports it.` \n \n`1541.[bug]getifaddrs_sun6() should be a no-op on early SunOS \nreleases.` \n \n`--- 8.4.0-REL released --- (Sun Jun 1 17:49:31 PDT 2003) \nBIND 8.3.7 Release` \n \n`BIND 8.3.7 is a security release of BIND 8.3. This is expected to \nbe the last release of BIND 8.3 except for security issues. \n` \n`The recommended version to use is BIND 9.2.3. If for whatever \nreason you must run BIND 8, use nothing earlier than 8.3.7-REL, \n8.4.2-REL. Do not under any circumstances run BIND 4. \n` \n`Highlights vs. 8.3.6 \nSecurity Fix: Negative Cache Poison Fix.` \n \n`Highlights vs. 8.3.5 \nMaintenance release.` \n \n`Highlights vs. 8.3.4 \nMaintenance release.` \n \n`Highlights vs. 8.3.3 \nSecurity Fix DoS and buffer overrun.` \n \n`Highlights vs. 8.3.2 \nSecurity Fix libbind. All applications linked against libbind \nneed to re-linked. 
\n'rndc restart' now preserves named's arguments` \n \n`Highlights vs. BIND 8.3.1: \ndig, nslookup, host and nsupdate have improved IPv6 support.` \n \n`Highlights vs. BIND 8.3.0: \n` \n`Critical bug fix to prevent DNS storms. If you have BIND 8.3.0 you \nneed to upgrade.` \n \n`the distribution files are: \n` \n`<ftp://ftp.isc.org/isc/bind/src/8.3.7/bind-src.tar.gz> \n<ftp://ftp.isc.org/isc/bind/src/8.3.7/bind-doc.tar.gz> \n<ftp://ftp.isc.org/isc/bind/src/8.3.7/bind-contrib.tar.gz> \n` \n`the pgp signature files are: \n` \n`<ftp://ftp.isc.org/isc/bind/src/8.3.7/bind-src.tar.gz.asc> \n<ftp://ftp.isc.org/isc/bind/src/8.3.7/bind-doc.tar.gz.asc> \n<ftp://ftp.isc.org/isc/bind/src/8.3.7/bind-contrib.tar.gz.asc> \n` \n`the md5 checksums are: \n` \n`MD5 (bind-contrib.tar.gz) = 89009ee8d937cd652a77742644772023 \nMD5 (bind-contrib.tar.gz.asc) = 3b91ed818771d21aa37c3ecc4685ba9d \nMD5 (bind-doc.tar.gz) = b7ccbde30d8c43202eabf61a51366852 \nMD5 (bind-doc.tar.gz.asc) = 333f80ec3d12ef7fc27a19ba2f9a9be0 \nMD5 (bind-src.tar.gz) = 36cc1660eb7d73e872a1e5af6f832167 \nMD5 (bind-src.tar.gz.asc) = 50a45b11e12441142d6eac423c5d01c7 \n` \n`Windows NT / Windows 2000 binary distribution. \n` \n`There will be no Windows binary release of BIND 8.3.7. 
\nThe current Windows binary release is BIND 8.4.3.` \n \n`top of CHANGES says: \n` \n`--- 8.3.7-REL released --- (Wed Sep 3 21:01:37 PDT 2003) \n` \n`1581.[bug]apply anti-cache poison techniques to negative \nanswers.` \n \n`--- 8.3.6-REL released --- (Sun Jun 8 15:11:32 PDT 2003) \n`\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23734644 Feedback>).\n\n### NetBSD __ Affected\n\nNotified: October 21, 2003 Updated: November 17, 2003 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nNetBSD (1.6, 1.6.1 and current) is shipping with a vulnerable version of BIND 8. We will upgrade to either 8.3.7 or 8.4.2 as soon as ISC releases the info to the public. Alternatively, users might want to use BIND 9 from pkgsrc.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23734644 Feedback>).\n\n### Nixu __ Affected\n\nNotified: October 21, 2003 Updated: November 20, 2003 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nThe current versions of Nixu NameSurfer are not affected by this issue as they ship with BIND 9.2.2. 
However, as NameSurfer Suite and NameSurfer Standard Edition also support all the earlier versions of BIND, Nixu recommends that all organizations operating an existing Nixu NameSurfer installation upgrade their visible nameservers to BIND versions 9.2.1 or newer; BIND9 is compatible with NameSurfer versions 3.0.1 or newer.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23734644 Feedback>).\n\n### SuSE Inc. __ Affected\n\nNotified: October 21, 2003 Updated: December 01, 2003 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\n`-----BEGIN PGP SIGNED MESSAGE----- \n`\n\n`______________________________________________________________________________ \n` \n`SUSE Security Announcement \n` \n`Package: bind8 \nAnnouncement-ID: SuSE-SA:2003:047 \nDate: Friday, Nov 28th 2003 15:30 MEST \nAffected products: 7.3, 8.0, 8.1, 8.2 \nVulnerability Type: cache poisoning/denial-of-service \nSeverity (1-10): 5 \nSUSE default package: yes \nCross References: CAN-2003-0914` \n \n`Content of this advisory: \n1) security vulnerability resolved:` \n`- caching negative answers \nproblem description, discussion, solution and upgrade information` \n`2) pending vulnerabilities, solutions, workarounds: \n- ethereal \n- KDE \n- mc \n- apache1/2 \n- gpg \n- freeradius \n- xscreensaver \n- screen \n- mod_gzip \n- gnpan` \n`3) standard appendix (further information) \n` \n`______________________________________________________________________________ \n` \n`1) problem description, brief discussion, solution, upgrade information \n` \n`To resolve IP addresses to host and domain names and vice versa the \nDNS service needs to be consulted. The most popular DNS software is \nthe BIND8 and BIND9 suite. 
The BIND8 code is vulnerable to a remote \ndenial-of-service attack by poisoning the cache with authoritative \nnegative responses that should not be accepted otherwise. \nTo execute this attack a name-server needs to be under malicious \ncontrol and the victim's bind8 has to query this name-server. \nThe attacker can set a high TTL value to keep his negative record as \nlong as possible in the cache of the victim. For this time the clients \nof the attacked site that rely on the bind8 service will not be able \nto reach the domain specified in the negative record. \nThese records should disappear after the time-interval (TTL) elapsed.` \n \n`There is no temporary workaround for this bug. \n` \n`To make this update effective run \"rcnamed restart\" as root please. \n` \n`Please download the update package for your distribution and verify its \nintegrity by the methods listed in section 3) of this announcement. \nThen, install the package using the command \"rpm -Fhv file.rpm\" to apply \nthe update. \nOur maintenance customers are being notified individually. 
The packages \nare being offered to install from the maintenance web.` \n \n \n`Intel i386 Platform: \n` \n`SuSE-8.2: \n``<ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/bind8-8.3.4-64.i586.rpm>` \n`3d44d46f0e8397c69d53e96aba9fbd6d \npatch rpm(s): \n``<ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/bind8-8.3.4-64.i586.patch.rpm>` \n`cce1df09a0b6fb5cbbddcc462f055c64 \nsource rpm(s): \n``<ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/src/bind8-8.3.4-64.src.rpm>` \n`a980a0eca79de02f135fce1cbe84ee22 \n` \n`SuSE-8.1: \n``<ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/bind8-8.2.4-336.i586.rpm>` \n`4a46d0560eac1ca5de77c12f8abe4952 \npatch rpm(s): \n``<ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/bind8-8.2.4-336.i586.patch.rpm>` \n`c8020302f6f161e9d86a3f1615304a23 \nsource rpm(s): \n``<ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/src/bind8-8.2.4-336.src.rpm>` \n`c9ee184cbd1f1722c94de9fd66f11801 \n` \n`SuSE-8.0: \n``<ftp://ftp.suse.com/pub/suse/i386/update/8.0/n2/bind8-8.2.4-334.i386.rpm>` \n`f739fdb03a7df6685e0aa026f98a0389 \npatch rpm(s): \n``<ftp://ftp.suse.com/pub/suse/i386/update/8.0/n2/bind8-8.2.4-334.i386.patch.rpm>` \n`a3de26e06b689d29b4b4b08c04fa32f4 \nsource rpm(s): \n``<ftp://ftp.suse.com/pub/suse/i386/update/8.0/zq1/bind8-8.2.4-334.src.rpm>` \n`85d8d9fee3c8a029263777a45b4af011 \n` \n`SuSE-7.3: \n``<ftp://ftp.suse.com/pub/suse/i386/update/7.3/n2/bind8-8.2.4-334.i386.rpm>` \n`381c2b6f805ca30d0fefc98afaee9ba0 \nsource rpm(s): \n``<ftp://ftp.suse.com/pub/suse/i386/update/7.3/zq1/bind8-8.2.4-334.src.rpm>` \n`97a87469cfb573bdd89f8f3a2c02264f \n` \n \n \n`Sparc Platform: \n` \n`SuSE-7.3: \n``<ftp://ftp.suse.com/pub/suse/sparc/update/7.3/n2/bind8-8.2.4-128.sparc.rpm>` \n`c08454b933ed2365d9d2ab1322803af6 \nsource rpm(s): \n``<ftp://ftp.suse.com/pub/suse/sparc/update/7.3/zq1/bind8-8.2.4-128.src.rpm>` \n`827a7f56273c7a25ac40ffba728e9150 \n` \n \n \n`PPC Power PC Platform: \n` \n`SuSE-7.3: 
\n``<ftp://ftp.suse.com/pub/suse/ppc/update/7.3/n2/bind8-8.2.4-243.ppc.rpm>` \n`12f1f205c08449e945c8ad344a8e3b41 \nsource rpm(s): \n``<ftp://ftp.suse.com/pub/suse/ppc/update/7.3/zq1/bind8-8.2.4-243.src.rpm>` \n`177093e76b3b8d2679089a1ab1c46d0e \n` \n`______________________________________________________________________________ \n` \n`2) Pending vulnerabilities in SUSE Distributions and Workarounds: \n` \n`- ethereal \nA new official version of ethereal, a network traffic analyzer, was \nreleased to fix various security-related problems. \nAn update package is currently being tested and will be released \nas soon as possible.` \n \n`- KDE \nNew KDE packages are currently being tested. These packages fixes \nseveral vulnerabilities:` \n`+ remote root compromise (CAN-2003-0690) \n+ weak cookies (CAN-2003-0692) \n+ SSL man-in-the-middle attack \n+ information leak through HTML-referrer (CAN-2003-0459) \n+ wrong file permissions of config files` \n`The packages will be release as soon as testing is finished. \n` \n`- mc \nBy using a special combination of links in archive-files it is possible \nto execute arbitrary commands while mc tries to open it in its VFS. \nThe packages are currently tested and will be release as soon as \npossible.` \n \n`- apache1/2 \nThe widely used HTTP server apache has several security vulnerabilities:` \n`- locally exploitable buffer overflow in the regular expression code. \nThe attacker must be able to modify .htaccess or httpd.conf. \n(affects: mod_alias and mod_rewrite)` \n`- under some circumstances mod_cgid will output its data to the \nwrong client (affects: apache2)` \n`The new packages are available on our FTP servers. \n` \n \n`- gpg \nIn GnuPG version 1.0.2 a new code for ElGamal was introduced. \nThis code leads to an attack on users who use ElGamal keys for \nsigning. It is possible to reconstruct the private ElGamal key \nby analyzing a public ElGamal signature. 
\nPlease note that the ElGamal algorithm is seldomly used and GnuPG \ndisplays several warnings when generating ElGamal signature keys. \nThe default key generation process in GnuPG will create a DSA signature \nkey and an ElGamal subkey for _encryption only_. These keys are not \naffected by this vulnerability. \nAnyone using ElGamal signature keys (type 20, check fourth field of \n\"gpg --list-keys --with-colon\" output) should revoke them.` \n \n`- freeradius \nTwo vulnerabilities were found in the FreeRADIUS package. \nThe remote denial-of-service attack bug was fixed and new packages \nwill be released as soon as testing was successfully finished. \nThe other bug is a remote buffer overflow in the module rlm_smb. \nWe do not ship this module and will fix it for future releases.` \n \n`- xscreensaver \nThe well known screen-saver for X is vulnerable to several local \ntmp file attacks as well as a crash when verifying a password. \nOnly SuSE Linux 9.0 products are affected. \nThe new packages are available on our FTP servers.` \n \n`- screen \nA buffer overflow in screen was reported. Since SuSE Linux 8.0 \nwe do not ship screen with the s-bit anymore. An update package \nwill be released for 7.3 as soon as possible.` \n \n`- mod_gzip \nThe apache module mod_gzip is vulnerable to remote code execution \nwhile running in debug-mode. We do not ship this module in debug-mode \nbut future versions will include the fix.` \n \n`- gnpan \nA remote denial-of-service attack can be run against the GNOME \nnews-reader program gnpan. This bug affects SuSE Linux 8.0, 8.1, 8.2. \nUpdate packages are available on our FTP servers.` \n \n`______________________________________________________________________________ \n` \n`3) standard appendix: authenticity verification, additional information \n` \n`- Package authenticity verification: \n` \n`SUSE update packages are available on many mirror ftp servers all over \nthe world. 
While this service is being considered valuable and important \nto the free and open source software community, many users wish to be \nsure about the origin of the package and its content before installing \nthe package. There are two verification methods that can be used \nindependently from each other to prove the authenticity of a downloaded \nfile or rpm package: \n1) md5sums as provided in the (cryptographically signed) announcement. \n2) using the internal gpg signatures of the rpm package.` \n \n`1) execute the command \nmd5sum <name-of-the-file.rpm>` \n`after you downloaded the file from a SUSE ftp server or its mirrors. \nThen, compare the resulting md5sum with the one that is listed in the \nannouncement. Since the announcement containing the checksums is \ncryptographically signed (usually using the key security@suse.de), \nthe checksums show proof of the authenticity of the package. \nWe disrecommend to subscribe to security lists which cause the \nemail message containing the announcement to be modified so that \nthe signature does not match after transport through the mailing \nlist software. \nDownsides: You must be able to verify the authenticity of the \nannouncement in the first place. If RPM packages are being rebuilt \nand a new version of a package is published on the ftp server, all \nmd5 sums for the files are useless.` \n \n`2) rpm package signatures provide an easy way to verify the authenticity \nof an rpm package. Use the command` \n`rpm -v --checksig <file.rpm> \nto verify the signature of the package, where <file.rpm> is the \nfilename of the rpm package that you have downloaded. Of course, \npackage authenticity verification can only target an un-installed rpm \npackage file. \nPrerequisites:` \n`a) gpg is installed \nb) The package is signed using a certain key. 
The public part of this` \n`key must be installed by the gpg program in the directory \n~/.gnupg/ under the user's home directory who performs the \nsignature verification (usually root). You can import the key \nthat is used by SUSE in rpm packages for SUSE Linux by saving \nthis announcement to a file (\"announcement.txt\") and \nrunning the command (do \"su -\" to be root):` \n`gpg --batch; gpg < announcement.txt | gpg --import \nSUSE Linux distributions version 7.1 and thereafter install the \nkey \"build@suse.de\" upon installation or upgrade, provided that \nthe package gpg is installed. The file containing the public key \nis placed at the top-level directory of the first CD (pubring.gpg) \nand at ``<ftp://ftp.suse.com/pub/suse/pubring.gpg-build.suse.de>`` .` \n \n \n`- SUSE runs two security mailing lists to which any interested party may \nsubscribe:` \n \n`suse-security@suse.com \n- general/linux/SUSE security discussion.` \n`All SUSE security announcements are sent to this list. \nTo subscribe, send an email to` \n`<suse-security-subscribe@suse.com>. \n` \n`suse-security-announce@suse.com \n- SUSE's announce-only mailing list.` \n`Only SUSE's security announcements are sent to this list. \nTo subscribe, send an email to` \n`<suse-security-announce-subscribe@suse.com>. \n` \n`For general information or the frequently asked questions (faq) \nsend mail to:` \n`<suse-security-info@suse.com> or \n<suse-security-faq@suse.com> respectively.` \n \n`===================================================================== \nSUSE's security contact is <security@suse.com> or <security@suse.de>. \nThe <security@suse.de> public key is listed below. \n=====================================================================` \n`______________________________________________________________________________ \n` \n`The information in this advisory may be distributed or reproduced, \nprovided that the advisory is not modified in any way. 
In particular, \nit is desired that the clear-text signature shows proof of the \nauthenticity of the text. \nSUSE Linux AG makes no warranties of any kind whatsoever with respect \nto the information contained in this security advisory.` \n \n`Type Bits/KeyID Date User ID \npub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security@suse.de> \npub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build@suse.de> \n` \n`- -----BEGIN PGP PUBLIC KEY BLOCK----- \nVersion: GnuPG v1.0.6 (GNU/Linux) \nComment: For info see ``<http://www.gnupg.org>`` \n` \n`mQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCkYS3yEKeueNWc+z/0Kvff \n4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP+Y0PFPboMvKx0FXl/A0d \nM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR8xocQSVCFxcwvwCglVcO \nQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U8c/yE/vdvpN6lF0tmFrK \nXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0ScZqITuZC4CWxJa9GynBE \nD3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEhELBeGaPdNCcmfZ66rKUd \nG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtBUVKn4zLUOf6aeBAoV6NM \nCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOoAqajLfvkURHAeSsxXIoE \nmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1nKFvF+rQoU3VTRSBQYWNr \nYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohcBBMRAgAcBQI57vSBBQkD \nwmcABAsKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyl8sAJ98BgD40zw0GHJHIf6d \nNfnwI2PAsgCgjH1+PnYEl7TFjtZsqhezX7vZvYCIRgQQEQIABgUCOnBeUgAKCRCe \nQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lxyoAejACeOO1HIbActAevk5MUBhNe \nLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWnB/9An5vfiUUE1VQnt+T/EYklES3t \nXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDVwM2OgSEISZxbzdXGnqIlcT08TzBU \nD9i579uifklLsnr35SJDZ6ram51/CWOnnaVhUzneOA9gTPSr+/fT3WeVnwJiQCQ3 \n0kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF5Yryk23pQUPAgJENDEqeU6iIO9Ot \n1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3D3EN8C1yPqZd5CvvznYvB6bWBIpW \ncRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGuzgpJt9IXSzyohEJB6XG5+D0BiF0E \nExECAB0FAjxqqTQFCQoAgrMFCwcKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyp1f \nAJ9dR7saz2KPNwD3U+fy/0BDKXrYGACfbJ8fQcJqCBQxeHvt9yMPDVq0B0W5Ag0E 
\nOe70khAIAISR0E3ozF/la+oNaRwxHLrCet30NgnxRROYhPaJB/Tu1FQokn2/Qld/ \nHZnh3TwhBIw1FqrhWBJ7491iAjLR9uPbdWJrn+A7t8kSkPaF3Z/6kyc5a8fas44h \nt5h+6HMBzoFCMAq2aBHQRFRNp9Mz1ZvoXXcI1lk1l8OqcUM/ovXbDfPcXsUVeTPT \ntGzcAi2jVl9hl3iwJKkyv/RLmcusdsi8YunbvWGFAF5GaagYQo7YlF6UaBQnYJTM \n523AMgpPQtsKm9o/w9WdgXkgWhgkhZEeqUS3m5xNey1nLu9iMvq9M/iXnGz4sg6Q \n2Y+GqZ+yAvNWjRRou3zSE7Bzg28MI4sAAwYH/2D71Xc5HPDgu87WnBFgmp8MpSr8 \nQnSs0wwPg3xEullGEocolSb2c0ctuSyeVnCttJMzkukL9TqyF4s/6XRstWirSWaw \nJxRLKH6Zjo/FaKsshYKf8gBkAaddvpl3pO0gmUYbqmpQ3xDEYlhCeieXS5MkockQ \n1sj2xYdB1xO0ExzfiCiscUKjUFy+mdzUsUutafuZ+gbHog1CN/ccZCkxcBa5IFCH` \n`ORrNjq9pYWlrxsEn6ApsG7JJbM2besW1PkdEoxak74z1senh36m5jQvVjA3U4xq1` \n`wwylxadmmJaJHzeiLfb7G1ZRjZTsB7fyYxqDzMVul6o9BSwO/1XsIAnV1uuITAQY \nEQIADAUCOe70kgUJA8JnAAAKCRCoTtronIAKyksiAJsFB3/77SkH3JlYOGrEe1Ol \n0JdGwACeKTttgeVPFB+iGJdiwQlxasOfuXyITAQYEQIADAUCPGqpWQUJCgCCxwAK \nCRCoTtronIAKyofBAKCSZM2UFyta/fe9WgITK9I5hbxxtQCfX+0ar2CZmSknn3co \nSPihn1+OBNyZAQ0DNuEtBAAAAQgAoCRcd7SVZEFcumffyEwfLTcXQjhKzOahzxpo \nomuF+HIyU4AGq+SU8sTZ/1SsjhdzzrSAfv1lETACA+3SmLr5KV40Us1w0UC64cwt \nA46xowVq1vMlH2Lib+V/qr3b1hE67nMHjysECVx9Ob4gFuKNoR2eqnAaJvjnAT8J \n/LoUC20EdCHUqn6v+M9t/WZgC+WNR8cq69uDy3YQhDP/nIan6fm2uf2kSV9A7ZxE \nGrwsWl/WX5Q/sQqMWaU6r4az98X3z90/cN+eJJ3vwtA+rm+nxEvyev+jaLuOQBDf \nebh/XA4FZ35xmi+spdiVeJH4F/ubaGlmj7+wDOF3suYAPSXT2QAFEbQlU3VTRSBT \nZWN1cml0eSBUZWFtIDxzZWN1cml0eUBzdXNlLmRlPokBFQMFEDbhLUfkWLKHsco8 \nRQEBVw4H/1vIdiOLX/7hdzYaG9crQVIk3QwaB5eBbjvLEMvuCZHiY2COUg5QdmPQ \n8SlWNZ6k4nu1BLcv2g/pymPUWP9fG4tuSnlUJDrWGm3nhyhAC9iudP2u1YQY37Gb \nB6NPVaZiYMnEb4QYFcqv5c/r2ghSXUTYk7etd6SW6WCOpEqizhx1cqDKNZnsI/1X \n11pFcO2N7rc6byDBJ1T+cK+F1Ehan9XBt/shryJmv04nli5CXQMEbiqYYMOu8iaA \n8AWRgXPCWqhyGhcVD3LRhUJXjUOdH4ZiHCXaoF3zVPxpeGKEQY8iBrDeDyB3wHmj \nqY9WCX6cmogGQRgYG6yJqDalLqrDOdmJARUDBRA24S0Ed7LmAD0l09kBAW04B/4p \nWH3f1vQn3i6/+SmDjGzUu2GWGq6Fsdwo2hVM2ym6CILeow/K9JfhdwGvY8LRxWRL \nhn09j2IJ9P7H1Yz3qDf10AX6V7YILHtchKT1dcngCkTLmDgC4rs1iAAl3f089sRG 
\nBafGPGKv2DQjHfR1LfRtbf0P7c09Tkej1MP8HtQMW9hPkBYeXcwbCjdrVGFOzqx+ \nAvvJDdT6a+oyRMTFlvmZ83UV5pgoyimgjhWnM1V4bFBYjPrtWMkdXJSUXbR6Q7Pi \nRZWCzGRzwbaxqpl3rK/YTCphOLwEMB27B4/fcqtBzgoMOiaZA0M5fFoo54KgRIh0 \nzinsSx2OrWgvSiLEXXYKiEYEEBECAAYFAjseYcMACgkQnkDjEAAKq6ROVACgjhDM \n/3KM+iFjs5QXsnd4oFPOnbkAnjYGa1J3em+bmV2aiCdYXdOuGn4ZiQCVAwUQN7c7 \nwhaQN/7O/JIVAQEB+QP/cYblSAmPXxSFiaHWB+MiUNw8B6ozBLK0QcMQ2YcL6+Vl \nD+nSZP20+Ja2nfiKjnibCv5ss83yXoHkYk2Rsa8foz6Y7tHwuPiccvqnIC/c9Cvz \ndbIsdxpfsi0qWPfvX/jLMpXqqnPjdIZErgxpwujas1n9016PuXA8K3MJwVjCqSKI \nRgQQEQIABgUCOhpCpAAKCRDHUqoysN/3gCt7AJ9adNQMbmA1iSYcbhtgvx9ByLPI \nDgCfZ5Wj+f7cnYpFZI6GkAyyczG09sE= \n=LRKC \n- -----END PGP PUBLIC KEY BLOCK----- \n` \n`-----BEGIN PGP SIGNATURE----- \nVersion: GnuPG v1.0.7 (GNU/Linux) \n` \n`iQEVAwUBP8dgT3ey5gA9JdPZAQH5LQf+MA/cLvB14QAZFTXwtqB2tNpcotkmJyF8 \noWbsWl7EnsF6hlR7tr3Hjk2bvpzE8yLShtckMvtVAy1Xj29fvWpHjtZM1TEfjWSk \nXgxeJ4n5HvKMjyOYopNgdbdQCvcr8v4eWjVA9ekK/WXikIXRWsiN9PhT6c0NQxfA \ntO7zHQYHhGwH4jae8aD6EPWJhc1sLzQMC4XCkFxIFlZouAtVr7rShDNUamKcaV63 \n5c1uhewBorqfD7o8x85OCXcAA9WEnEs7t/mJnHC0hLgYF259YxX3HtXrj18jnD8/ \nYvVnzfkQwDxRY3qALRjAfd05QGOGir75fSBCtofP2lDPg8igRFo8UQ== \n=fX7r \n-----END PGP SIGNATURE----- \n` \n`Bye, \nThomas` \n`-- \nThomas Biege <thomas@suse.de>, SUSE LINUX AG, Security Support & Auditing` \n`\"lynx -source ``<http://www.suse.de/~thomas/contact/thomas.asc>`` | pgp -fka\" \nKey fingerprint = 51 AD B9 C7 34 FC F2 54 01 4A 1C D4 66 64 09 83` \n`-- \n... stay with me, safe and ignorant, go back to sleep...` \n`- Maynard James Keenan \n`\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23734644 Feedback>).\n\n### Sun Microsystems Inc. 
__ Affected\n\nNotified: October 21, 2003 Updated: December 01, 2003 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\n`All supported releases of Solaris (i.e. Solaris 7, 8 and 9) \nare affected by this issue. We have published a Sun Alert which is \navailable from: \n``<http://sunsolve.Sun.COM/pub-cgi/retrieve.pl?doc=fsalert/57434>`` \n`\n\n`It describes a possible workaround that can be used until official patches \nare released. \n` \n`Supported Cobalt platforms and Sun Linux 5.0 are also affected. A Sun \nAlert will be published and will be available from: \n``<http://sunsolve.Sun.COM/pub-cgi/retrieve.pl?doc=fsalert/>`\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23734644 Feedback>).\n\n### The SCO Group (SCO UnixWare) __ Affected\n\nNotified: October 21, 2003 Updated: December 03, 2003 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nUnixWare 7.1.3: Unaffected; current version of bind is 9.2.1. \nOpen UNIX 8.0.0 (aka UnixWare 7.1.2): Unaffected; current version of bind is 9.2.0. \nUnixWare 7.1.1: Affected. 
Fix will be at \n\n\n \n<ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.33> \nOpenServer: fix in-progress \n \nOpenLinux: also fix in-progress \n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\n`-----BEGIN PGP SIGNED MESSAGE----- \nHash: SHA1 \n` \n \n`______________________________________________________________________________ \n` \n`SCO Security Advisory \n` \n`Subject:UnixWare 7.1.1 : Bind: cache poisoning BIND 8 prior to 8.3.7 and BIND 8.4.x prior 8.4.2 \nAdvisory number: CSSA-2003-SCO.33 \nIssue date: 2003 December 01 \nCross reference: sr886768 fz528464 erg712479 CAN-2003-0914 \n______________________________________________________________________________ \n` \n \n`1. Problem Description \n` \n`UnixWare 7.1.3 is unaffected by this issue because the \nversion of bind included in UnixWare 7.1.3 is 9.2.1.` \n \n`Open UNIX is also unaffected by this issue because the version \nof bind in Open UNIX 8.0.0 is 9.1.0.` \n \n`CERT/CC Incident Note VU#734644 \n` \n`BIND is an implementation of the Domain Name System (DNS) \nprotocols. Successful exploitation of this vulnerability \nmay result in a temporary denial of service.` \n \n`The Common Vulnerabilities and Exposures project (cve.mitre.org) \nhas assigned the name CAN-2003-0914 to this issue.` \n \n \n`2. Vulnerable Supported Versions \n` \n`SystemBinaries \n---------------------------------------------------------------------- \nUnixWare 7.1.1 /usr/sbin/addr` \n`/usr/sbin/dig \n/usr/sbin/dnskeygen \n/usr/sbin/dnsquery \n/usr/sbin/host \n/usr/sbin/in.named \n/usr/sbin/irpd \n/usr/sbin/mkservdb \n/usr/sbin/named-bootconf \n/usr/sbin/named-bootconf.pl \n/usr/sbin/named-xfer \n/usr/sbin/ndc \n/usr/sbin/nslookup \n/usr/sbin/nsupdate` \n \n`3. Solution \n` \n`The proper solution is to install the latest packages. \n` \n \n`4. 
UnixWare 7.1.1 \n` \n`4.1 Location of Fixed Binaries \n` \n`<ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.33> \n` \n \n`4.2 Verification \n` \n`MD5 (erg712479.Z) = c1faea2a6a1da952e88c5123f88a2f89 \n` \n`md5 is available for download from \n<ftp://ftp.sco.com/pub/security/tools>` \n \n \n`4.3 Installing Fixed Binaries \n` \n`Upgrade the affected binaries with the following sequence: \n` \n`Unknown installation method \n` \n \n`5. References \n` \n`Specific references for this advisory: \n<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0914>` \n \n`SCO security resources: \n<http://www.sco.com/support/security/index.html>` \n \n`This security fix closes SCO incidents sr886768 fz528464 \nerg712479.` \n \n \n`6. Disclaimer \n` \n`SCO is not responsible for the misuse of any of the information \nwe provide on this website and/or through our security \nadvisories. Our advisories are a service to our customers \nintended to promote secure installation and use of SCO \nproducts.` \n`______________________________________________________________________________ \n` \n`-----BEGIN PGP SIGNATURE----- \nVersion: GnuPG v1.2.3 (SCO/UNIX_SVR5) \n` \n`iD8DBQE/y8gZaqoBO7ipriERAkRQAKCQ+f4Q5Etfz8L83tr/vGGRzI1kYQCgl/hK \ng7YQSKd9TDnf59KkuFTbrBQ= \n=XyVk \n-----END PGP SIGNATURE-----`\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23734644 Feedback>).\n\n### Trustix Secure Linux __ Affected\n\nUpdated: December 01, 2003 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nPlease see `<http://www.trustix.org/errata/misc/2003/TSL-2003-0044-bind.asc.txt>`\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\n`-----BEGIN PGP SIGNED MESSAGE----- \nHash: SHA1 \n`\n\n`- -------------------------------------------------------------------------- \nTrustix Secure Linux Security Advisory #2003-0044 \n` 
\n`Package name: bind \nSummary: negative cache sec. fix \nDate: 2003-11-27 \nAffected versions: TSL 1.2, 1.5 \n` \n`- -------------------------------------------------------------------------- \nPackage description:` \n`BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain \nName System) protocols. BIND includes a DNS server (named), which resolves \nhost names to IP addresses, and a resolver library (routines for applications \nto use when interfacing with DNS). A DNS server allows clients to name \nresources or objects and share the information with other network machines. \nThe named DNS server can be used on workstations as a caching name server, \nbut is generally only needed on one machine for an entire network. Note that \nthe configuration files for making BIND act as a simple caching nameserver \nare included in the caching-nameserver package.Install the bind package if \nyou need a DNS server for your network. If you want bind to act a caching \nname server, you will also need to install the caching-nameserver package.` \n \n`Problem description: \nAccording the the bind announcment dated Thu, 27 Nov 2003, the new upstream \nbind 8.3.7 fixes a security problem:` \n \n`Security Fix: Negative Cache Poison Fix. \n` \n`This issue has been addressed in these updates. \n` \n \n`Action: \nWe recommend that all systems with this package installed be upgraded. \nPlease note that if you do not need the functionality provided by this \npackage, you may want to remove it from your system.` \n \n \n`Location: \nAll TSL updates are available from \n<URI:``<http://http.trustix.org/pub/trustix/updates/>``> \n<URI:``<ftp://ftp.trustix.org/pub/trustix/updates/>``>` \n \n \n`About Trustix Secure Linux: \nTrustix Secure Linux is a small Linux distribution for servers. 
With focus \non security and stability, the system is painlessly kept safe and up to \ndate from day one using swup, the automated software updater.` \n \n \n`Automatic updates: \nUsers of the SWUP tool can enjoy having updates automatically \ninstalled using 'swup --upgrade'.` \n \n \n`Public testing: \nThese packages have been available for public testing for some time. \nIf you want to contribute by testing the various packages in the \ntesting tree, please feel free to share your findings on the \ntsl-discuss mailinglist. \nThe testing tree is located at \n<URI:``<http://tsldev.trustix.org/cloud/>``>` \n \n`You may also use swup for public testing of updates: \n` \n`site { \nclass = 0 \nlocation = \"``<http://tsldev.trustix.org/cloud/rdfs/latest.rdf>``\" \nregexp = \".*\"` \n`} \n` \n \n`Questions? \nCheck out our mailing lists: \n<URI:``<http://www.trustix.org/support/>``>` \n \n \n`Verification: \nThis advisory along with all TSL packages are signed with the TSL sign key. \nThis key is available from: \n<URI:``<http://www.trustix.org/TSL-SIGN-KEY>``>` \n \n`The advisory itself is available from the errata pages at \n<URI:``<http://www.trustix.org/errata/trustix-1.2/>``> and \n<URI:``<http://www.trustix.org/errata/trustix-1.5/>``> \nor directly at \n<URI:``<http://www.trustix.org/errata/misc/2003/TSL-2003-0044-bind.asc.txt>``>` \n \n \n`MD5sums of the packages: \n- -------------------------------------------------------------------------- \n0e109cf7c3ec04f6adfbd3dddcbc94d3 ./1.5/srpms/bind-8.2.6-3tr.src.rpm \nb353b0517f50b18c6f2bb180151ad671 ./1.5/rpms/bind-utils-8.2.6-3tr.i586.rpm \n872ed56a159fa9e8404e30c6f6afdce0 ./1.5/rpms/bind-devel-8.2.6-3tr.i586.rpm \nade76318032b7a95f2426edcf10e75a8 ./1.5/rpms/bind-8.2.6-3tr.i586.rpm \n0e109cf7c3ec04f6adfbd3dddcbc94d3 ./1.2/srpms/bind-8.2.6-3tr.src.rpm \ndd01d1afce4afd60b08857706f2150ee ./1.2/rpms/bind-utils-8.2.6-3tr.i586.rpm \n590118f78a8cddbaf8dc8c142ef57cb3 ./1.2/rpms/bind-devel-8.2.6-3tr.i586.rpm 
\nca631fbe974a6926c8ba32b46c3ac7d4 ./1.2/rpms/bind-8.2.6-3tr.i586.rpm \n- -------------------------------------------------------------------------- \n` \n \n`TSL Security Team \n` \n`-----BEGIN PGP SIGNATURE----- \nVersion: GnuPG v1.2.2 (GNU/Linux) \n` \n`iD8DBQE/xcQCi8CEzsK9IksRArTyAKCpbt7Z0zr7l/liVtKbiuGOQjBBXACgk74q \nRpVcOV3YngzwUxZcJLdDuls= \n=PazY \n-----END PGP SIGNATURE-----`\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23734644 Feedback>).\n\n### Check Point __ Not Affected\n\nNotified: October 21, 2003 Updated: October 27, 2003 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nCheck Point products are not vulnerable to this issue.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23734644 Feedback>).\n\n### Cray Inc. __ Not Affected\n\nNotified: October 21, 2003 Updated: November 17, 2003 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nCray Inc. 
is not vulnerable.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23734644 Feedback>).\n\n### Hitachi __ Not Affected\n\nNotified: October 21, 2003 Updated: November 25, 2003 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nHitachi HI-UX/WE2 is NOT Vulnerable to this issue.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23734644 Feedback>).\n\n### Juniper Networks __ Not Affected\n\nNotified: October 21, 2003 Updated: December 03, 2003 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nNo Juniper Networks products contain this vulnerability.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23734644 Feedback>).\n\n### MandrakeSoft __ Not Affected\n\nNotified: October 21, 2003 Updated: November 17, 2003 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nNo MandrakeSoft products are affected by this as we ship BIND9 in all of our products.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this 
vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23734644 Feedback>).\n\n### Nominum __ Not Affected\n\nNotified: October 21, 2003 Updated: November 17, 2003 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nNominum products are not affected by this vulnerability.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23734644 Feedback>).\n\n### Red Hat Inc. __ Not Affected\n\nNotified: October 21, 2003 Updated: November 17, 2003 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nRed Hat ships Bind 9 in all our supported distributions and therefore we are not affected by this issue.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23734644 Feedback>).\n\n### SGI __ Not Affected\n\nNotified: October 21, 2003 Updated: November 17, 2003 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nSGI acknowledges VU#734644 reported by CERT and has determined that both SGI IRIX for MIPS systems and SGI ProPack Linux for Altix (IA64) are not vulnerable as BIND 8 does not ship with SGI IRIX or ProPack.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23734644 Feedback>).\n\n### adns __ Not 
Affected\n\nNotified: October 21, 2003 Updated: November 20, 2003 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nadns is not a nameserver and has no cache. It is not vulnerable to these kinds of problems.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23734644 Feedback>).\n\n### BSDI Unknown\n\nNotified: October 21, 2003 Updated: October 21, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23734644 Feedback>).\n\n### BlueCat Networks Unknown\n\nNotified: October 21, 2003 Updated: October 21, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23734644 Feedback>).\n\n### Conectiva Unknown\n\nNotified: October 21, 2003 Updated: October 21, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no 
additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23734644 Feedback>).\n\n### Debian Unknown\n\nNotified: October 21, 2003 Updated: October 21, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23734644 Feedback>).\n\n### EMC Corporation Unknown\n\nNotified: October 21, 2003 Updated: November 17, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23734644 Feedback>).\n\n### Fujitsu Unknown\n\nNotified: October 21, 2003 Updated: November 17, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23734644 Feedback>).\n\n### IBM eServer __ Unknown\n\nNotified: October 21, 2003 Updated: November 17, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nIBM eServer Platform Response 
\n\n\nFor information related to this and other published CERT Advisories that may relate to the IBM eServer Platforms (xSeries, iSeries, pSeries, and zSeries) please go to \n[https://app-06.www.ibm.com/servers/resourcelink/lib03020.nsf/pages/securityalerts?OpenDocument&pathID=3D](<https://app-06.www.ibm.com/servers/resourcelink/lib03020.nsf/pages/securityalerts?OpenDocument&pathID=3D>) \n \nIn order to access this information you will require a Resource Link ID. To subscribe to Resource Link go to <http://app-06.www.ibm.com/servers/resourcelink> and follow the steps for registration. \n \nAll questions should be referred to [_servsec@us.ibm.com_](<mailto:servsec@us.ibm.com>).\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23734644 Feedback>).\n\n### Ingrian Networks Unknown\n\nNotified: October 21, 2003 Updated: November 17, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23734644 Feedback>).\n\n### Lucent Technologies Unknown\n\nNotified: October 21, 2003 Updated: November 17, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have 
feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23734644 Feedback>).\n\n### Men&Mice Unknown\n\nNotified: October 21, 2003 Updated: November 17, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23734644 Feedback>).\n\n### MetaSolv Software Inc. Unknown\n\nNotified: October 21, 2003 Updated: October 21, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23734644 Feedback>).\n\n### MontaVista Software Unknown\n\nNotified: October 21, 2003 Updated: October 21, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23734644 Feedback>).\n\n### NEC Corporation Unknown\n\nNotified: October 21, 2003 Updated: October 21, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor 
Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23734644 Feedback>).\n\n### Nokia Unknown\n\nNotified: October 21, 2003 Updated: October 21, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23734644 Feedback>).\n\n### Nortel Networks Unknown\n\nNotified: October 21, 2003 Updated: November 17, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23734644 Feedback>).\n\n### Novell Unknown\n\nNotified: November 17, 2003 Updated: November 17, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23734644 Feedback>).\n\n### Openwall GNU/*/Linux 
Unknown\n\nNotified: October 21, 2003 Updated: October 21, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23734644 Feedback>).\n\n### Sequent Unknown\n\nNotified: October 21, 2003 Updated: October 21, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23734644 Feedback>).\n\n### Sony Corporation Unknown\n\nNotified: October 21, 2003 Updated: November 17, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23734644 Feedback>).\n\n### The SCO Group (SCO Linux) Unknown\n\nNotified: October 21, 2003 Updated: October 21, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this 
time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23734644 Feedback>).\n\n### Unisys Unknown\n\nNotified: October 21, 2003 Updated: October 21, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23734644 Feedback>).\n\n### Wind River Systems Inc. Unknown\n\nNotified: October 21, 2003 Updated: November 17, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23734644 Feedback>).\n\n### Wirex Unknown\n\nNotified: October 21, 2003 Updated: November 17, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23734644 Feedback>).\n\nView all 45 vendors __View less vendors __\n\n \n\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | | \nTemporal | | \nEnvironmental | | \n \n \n\n\n### References \n\n * 
<http://www.isc.org/products/BIND/bind8.html>\n * [http://marc.theaimsgroup.com/?l=bind-announce&m=106988846219834&w=2](<http://marc.theaimsgroup.com/?l=bind-announce&m=106988846219834&w=2>)\n * [http://marc.theaimsgroup.com/?l=bind-announce&m=106988846919846&w=2](<http://marc.theaimsgroup.com/?l=bind-announce&m=106988846919846&w=2>)\n * <http://secunia.com/advisories/10300/>\n\n### Acknowledgements\n\nThe CERT/CC thanks the Internet Software Consortium for bringing this vulnerability to our attention.\n\nThis document was written by Jeffrey P. Lanza.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2003-0914](<http://web.nvd.nist.gov/vuln/detail/CVE-2003-0914>) \n---|--- \n**Severity Metric:** | 1.50 \n**Date Public:** | 2003-11-26 \n**Date First Published:** | 2003-12-01 \n**Date Last Updated: ** | 2004-01-05 00:30 UTC \n**Document Revision: ** | 42 \n", "modified": "2004-01-05T00:30:00", "published": "2003-12-01T00:00:00", "id": "VU:734644", "href": "https://www.kb.cert.org/vuls/id/734644", "type": "cert", "title": "ISC BIND 8 vulnerable to cache poisoning via negative responses", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2016-09-04T12:39:55", "bulletinFamily": "unix", "cvelist": ["CVE-2003-0459", "CVE-2003-0914", "CVE-2003-0692", "CVE-2003-0690"], "description": "To resolve IP addresses to host and domain names and vice versa the DNS service needs to be consulted. The most popular DNS software is the BIND8 and BIND9 suite. The BIND8 code is vulnerable to a remote denial-of-service attack by poisoning the cache with authoritative negative responses that should not be accepted otherwise. To execute this attack a name-server needs to be under malicious control and the victim's bind8 has to query this name-server. The attacker can set a high TTL value to keep his negative record as long as possible in the cache of the victim. 
During this time, clients of the attacked site that rely on the bind8 service will not be able to reach the domain specified in the negative record. These records should disappear once the time interval (TTL) has elapsed.", "edition": 1, "modified": "2003-11-28T14:58:12", "published": "2003-11-28T14:58:12", "id": "SUSE-SA:2003:047", "href": "http://lists.opensuse.org/opensuse-security-announce/2003-11/msg00005.html", "title": "cache poisoning/denial-of-service in bind8", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}