Compaq Computer Corporation Information for VU#715973

ISC BIND 8.2.2-P6 vulnerable to DoS via compressed zone transfer, aka the "zxfr bug"

Status

Affected

Vendor Statement

......................................................................

 COMPAQ COMPUTER CORPORATION

......................................................................
  CERT-2000-20 - BIND 8 The "zxfr bug"  
                              X-REF: SSRT1-38U, CERT-2000-20
......................................................................
       Compaq Tru64 UNIX V5.1  -        
                                   patch:  SSRT1-66U_v5.1.tar.Z      

       Compaq Tru64 UNIX V5.0  & V5.0a -
                            V5.0   patch: SSRT1-68U_v5.0.tar.Z      
                            V5.0a patch: SSRT1-68U_v5.0a.tar.Z    

       Compaq Tru64 UNIX V4.0D/F/G              - Not Vulnerable
       TCP/IP Services for Compaq OpenVMS - Not Vulnerable

......................................................................
CERT02000-20 - BIND 8 The "srv bug"
                             X-REF: SSRT1-38U, CERT CA2000-20
......................................................................
       Compaq Tru64 UNIX V5.1  -        
                                   patch: SSRT1-66U_v5.1.tar.Z    

       Compaq Tru64 UNIX V5.0 &  V5.0a  -
                            V5.0   patch: SSRT1-68U_v5.0.tar.Z      
                            V5.0a patch: SSRT1-68U_v5.0a.tar.Z    

       Compaq Tru64 UNIX V4.0D/F/G              - Not Vulnerable
       TCP/IP Services for Compaq OpenVMS - Not Vulnerable

 Compaq will provide notice of the completion/availability
 of the patches through AES services (DIA, DSNlink FLASH),
 the ** Security mailing list, and be available from your
 normal Compaq Support channel.
               **You may subscribe to the Security mailing list at:
             
http://www.support.compaq.com/patches/mailing-list.shtml

 Software Security Response Team
 COMPAQ COMPUTER CORPORATION
......................................................................

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

Compaq Tru64 Unix was reported as being not vulnerable when CA-2000-20 was initially launched.

If you have feedback, comments, or additional information about this vulnerability, please send us email.