Hewlett-Packard Company Information for VU#803539

Multiple vendors' Domain Name System (DNS) stub resolvers vulnerable to buffer overflows

Status

Affected

Vendor Statement

HEWLETT-PACKARD COMPANY SECURITY BULLETIN: HPSBUX0208-209

Originally issued: 12 Aug 2002

reference id: VU#803539, SSRT2316

HP Published Security Bulletin HPSBUX0208-209 with solutions for HP9000 Series 700/800 running HP-UX releases 11.00 and 11.11 (11i) with products using DNS resolver libraries, including, but not limited to, BINDv920.INETSVCS-BIND.

This bulletin is available from the HP IT Resource Center page at: http://itrc.hp.com "Maintenance and Support" then "Support Information Digests" and then "hp security bulletins archive" search for bulletin HPSBUX0208-209.

reference id: VU#542971
describes a specific aspect of this vulnerability
as it affects the GNU libc library (glibc):

The glibc resolver used by HP Secure OS Software for Linux is vulnerable. Please see Hewlett-Packard Company Security Bulletin HPSBTL0207-053 for more information.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

HP JetDirect print servers and LaserJet network printers are also affected. Please see HPSBUX0209-218/SSRT2345.

If you have feedback, comments, or additional information about this vulnerability, please send us email.