IBM Information for VU#734644

ISC BIND 8 vulnerable to cache poisoning via negative responses

Status

Affected

Vendor Statement

The AIX operating system is vulnerable to the BIND8 cache poisoning attack in releases 4.3.3, 5.1.0 and 5.2.0 . The APAR's for this fix and their availablity are listed below.

APAR number for AIX 4.3.3: IY49899 (available 2/25/2004)
APAR number for AIX 5.1.0: IY49881 (available)
APAR number for AIX 5.2.0: IY49883 (available 12/24/2003)

These APARs can be downloaded by following the link for IBM's Fix Central at:

Efix packages for 4.3.3 and 5.2.0 will be available by 12/02/2004 at: