Nixu Information for VU#800113
Multiple DNS implementations vulnerable to cache poisoning
- Vendor Information Help Date Notified: 03 Jul 2008
- Statement Date: 09 Jul 2008
- Date Updated: 09 Jul 2008
Nixu NameSurfer Suite
The proprietary primary DNS server included in Nixu NameSurfer Suite IS NOT affected by this vulnerability. Secure64 DNS and/or NSD servers run as DNS secondaries to Nixu NameSurfer Suite ARE NOT affected. BIND servers run as DNS secondaries to Nixu NameSurfer Suite are affected ONLY if recursion has been enabled in them.
For users that have enabled recursion on BIND servers run as DNS secondaries to Nixu NameSurfer primary, we recommend that BIND servers are updated to the latest version.
Nixu SNS (Secure Name Server)
The BIND version included in Nixu SNS was affected by this vulnerability if recursion was enabled. To address this issue, all users running Nixu SNS in which automated software updates have been enabled, have received a patched version of BIND (9.2.4-28.0.1.el4) on July 9 2008 by 7am GMT/2am EST that addresses the vulnerability announced in VU#800113 advisory.
We are not aware of further vendor information regarding this vulnerability.
There are no additional comments at this time.