IBM Information for VU#734644

Home | FAQ | Contact | Privacy Policy

Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information

View Notes By

Other Documents

IBM Information for VU#734644

Date Notified:	2003-10-21
Date Updated:
Statement Date:
Status Summary:	Vulnerable

Vendor Statement

The AIX operating system is vulnerable to the BIND8 cache poisoning attack in releases 4.3.3, 5.1.0 and 5.2.0 . The APAR's for this fix and their availablity are listed below.

APAR number for AIX 4.3.3: IY49899 (available 2/25/2004)
APAR number for AIX 5.1.0: IY49881 (available)
APAR number for AIX 5.2.0: IY49883 (available 12/24/2003)

These APARs can be downloaded by following the link for IBM's Fix Central at:

http://www-1.ibm.com/servers/eserver/support/eseries/fixes

Efix packages for 4.3.3 and 5.2.0 will be available by 12/02/2004 at:

ftp://aix.software.ibm.com/aix/efixes/security/dns_poison_efix.tar.Z

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

IBM has published APAR IY49881 regarding this vulnerability. For more information, please see:

http://www-1.ibm.com/support/docview.wss?uid=isg1IY49881

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Produced 2009 by US-CERT, a government organization
Disclaimers and copyright information