Nixu Information for VU#800113

Multiple DNS implementations vulnerable to cache poisoning

Status

Affected

Vendor Statement

Nixu NameSurfer Suite
---------------------
The proprietary primary DNS server included in Nixu NameSurfer Suite IS NOT affected by this vulnerability. Secure64 DNS and/or NSD servers run as DNS secondaries to Nixu NameSurfer Suite ARE NOT affected. BIND servers run as DNS secondaries to Nixu NameSurfer Suite are affected ONLY if recursion has been enabled in them.

For users that have enabled recursion on BIND servers run as DNS secondaries to Nixu NameSurfer primary, we recommend that BIND servers are updated to the latest version.

Nixu SNS (Secure Name Server)
-----------------------------
The BIND version included in Nixu SNS was affected by this vulnerability if recursion was enabled. To address this issue, all users running Nixu SNS in which automated software updates have been enabled, have received a patched version of BIND (9.2.4-28.0.1.el4) on July 9 2008 by 7am GMT/2am EST that addresses the vulnerability announced in VU#800113 advisory.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

None

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.