search menu icon-carat-right cmu-wordmark

CERT Coordination Center

Cached malformed SIG record buffer overflow

Vulnerability Note VU#852283

Original Release Date: 2002-11-13 | Last Revised: 2004-10-18

Overview

A vulnerability in BIND allows remote attackers to execute code with the privileges of the process running named. This vulnerability is resolved in BIND versions 4.9.11, 8.2.7, 8.3.4, and BIND 9.

Description

A remotely exploitable buffer overflow exists in named. An attacker using malformed SIG records can exploit this vulnerability against a nameserver with recursion enabled. The overflow occurs when the nameserver constructs responses to recursive requests using the malformed SIG records, leading to arbitrary code execution as the named uid, typically root. As was the case with a previous issue affecting named and NXT records (CA-1999-14, VU#16532), a malicious server must reply to a forwarded request from a recursive nameserver in order to exploit the vulnerability. However, as with the NXT record exploit, a full-service nameserver is not required, only a service replying to a legitimate victim nameserver request.

The following versions of BIND are affected:

- BIND versions 4.9.5 to 4.9.10
- BIND versions 8.1, 8.2 to 8.2.6, and 8.3.0 to 8.3.3

Impact

A remote attacker could execute arbitrary code on the nameserver with the privileges of the named uid, typically root.

Solution

Upgrade to BIND 4.9.11, BIND 8.2.7, BIND 8.3.4, or BIND 9.

One interim workaround is to disable recursion on vulnerable servers.

Vendor Information

852283
 
Affected   Unknown   Unaffected

Apple Computer Inc.

Notified:  November 12, 2002 Updated:  December 03, 2002

Status

  Vulnerable

Vendor Statement

Affected Systems: Mac OS X and Mac OS X Server with BIND versions 8.1, 8.2 to 8.2.6, and 8.3.0 to 8.3.3

Mitigating Factors: BIND is not enabled by default on Mac OS X or Mac OS X Server

This is addressed in Security Update 2002-11-21

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Conectiva

Notified:  November 12, 2002 Updated:  November 14, 2002

Status

  Vulnerable

Vendor Statement

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --------------------------------------------------------------------------

PACKAGE   : bind
SUMMARY   : Remote vulnerabilities in the BIND DNS server
DATE      : 2002-11-14 15:36:00
ID        : CLA-2002:546
RELEVANT
RELEASES  : 6.0

- -------------------------------------------------------------------------

DESCRIPTION
"bind" is probably the most used DNS server on the internet.

 ISS reported[7] buffer overflow and denial of service vulnerabilities
in some versions of the BIND software. The most dangerous one, the
buffer overflow, could be used by remote attacker to execute
arbitrary code on the server with the privileges of the user running
the "named" process.

 The vulnerabilities explained below affect BIND as shipped with
Conectiva Linux 6.0. Conectiva Linux 7.0 and 8 already ship BIND 9.x,
which is not vulnerable to the problems reported by ISS.

 1) Buffer overflow (CAN-2002-1219) [5]
An attacker who can make a vulnerable BIND server make recursive
queries to a domain that he (the attacker) controls can exploit this
vulnerability and execute arbitrary code on the server with the same
privileges as the "named" process. The BIND packages in Conectiva
Linux run the "named" process with an unprivileged user, and not
root, which mitigates the impact of this vulnerability somewhat,
requiring that the attacker take further steps to obtain root access.
Additionally, there is the bind-chroot package which, if used, runs
the server in a chroot area under /var/named which imposes an
additional restriction on the actions a potential intruder can take.

 2) Denial of service (CAN-2002-1221) [6]
The BIND server can be triggered into attempting a NULL pointer
dereference which will terminate the service. This can be caused by a
remote attacker who controls a DNS server authoritative for some
domain queried by the vulnerable BIND server.


 The packages available through this advisory were built with patches
that were made publicly available[3] by ISC less than 24 hours ago.
Conectiva Linux and the majority of other GNU/Linux distributions
were notified about this vulnerability (but with not enough details
to produce a patch) about 12 hours before ISS made it public[7]. We
are worried about the way in which this whole incident has been
handled, specially when considering that DNS is part of the internet
infrastructure and thus a vital service.

 We, and many vendors, do believe in what is commonly called
"responsible full disclosure"[8], where all details about a
vulnerability are made public after all vendors were notified in
advance and have had a reasonable amount of time to prepare and test
updated packages. We believe this to be the most secure and
responsible method for disclosing vulnerabilities.


SOLUTION
All BIND users should upgrade immediately. After the upgrade, the
named service will be automatically restarted if needed.

 If it is not possible to upgrade the packages immediately, users
should disable recursive queries or restrict them. Disabling
recursive queries can be done by the "recursion no;" parameter in the
options section of the named.conf configuration file. Restricting
access to such queries can be accomplished via the "allow-recursion"
directive in the same configuration file.


 REFERENCES
1.http://www.isc.org/
2.http://www.cert.org/advisories/CA-2002-31.html
3.http://www.isc.org/products/BIND/patches/bind826.diff
4.http://www.isc.org/products/BIND/bind-security.html
5.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1219
6.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1221
7.https://gtoc.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21469
8.http://distro.conectiva.com.br/seguranca/problemas/?idioma=en


DIRECT DOWNLOAD LINKS TO THE UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/bind-8.2.6-1U60_2cl.src.rpm
ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/bind-chroot-8.2.6-1U60_2cl.src.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/bind-8.2.6-1U60_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/bind-chroot-8.2.6-1U60_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/bind-devel-8.2.6-1U60_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/bind-devel-static-8.2.6-1U60_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/bind-doc-8.2.6-1U60_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/bind-utils-8.2.6-1U60_2cl.i386.rpm


ADDITIONAL INSTRUCTIONS
Users of Conectiva Linux version 6.0 or higher may use apt to perform
upgrades of RPM packages:
- add the following line to /etc/apt/sources.list if it is not there yet
  (you may also use linuxconf to do this):

 rpm [cncbr] ftp://atualizacoes.conectiva.com.br 6.0/conectiva updates

(replace 6.0 with the correct version number if you are not running CL6.0)

 - run:                 apt-get update
- after that, execute: apt-get upgrade

 Detailed instructions reagarding the use of apt and upgrade examples
can be found at
http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en


- -------------------------------------------------------------------------
All packages are signed with Conectiva's GPG key. The key and instructions
on how to import it can be found at
http://distro.conectiva.com.br/seguranca/chave/?idioma=en
Instructions on how to check the signatures of the RPM packages can be
found at
http://distro.conectiva.com.br/seguranca/politica/?idioma=en
- -------------------------------------------------------------------------
All our advisories and generic update instructions can be viewed at
http://distro.conectiva.com.br/atualizacoes/?idioma=en

- -------------------------------------------------------------------------
subscribe: conectiva-updates-subscribe@papaleguas.conectiva.com.br
unsubscribe: conectiva-updates-unsubscribe@papaleguas.conectiva.com.br
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see
http://www.gnupg.org

iD8DBQE9099O42jd0JmAcZARAiZGAKDMz0e8eiF+0Zws8sQkvkE5NcHKywCg24tc
ixMwRpolJ8skSz3KyrLfVjM=
=Smdc
-----END PGP SIGNATURE-----

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Debian

Notified:  November 12, 2002 Updated:  November 14, 2002

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please see http://www.debian.org/security/2002/dsa-196.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Engarde

Notified:  November 12, 2002 Updated:  November 14, 2002

Status

  Vulnerable

Vendor Statement

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

+------------------------------------------------------------------------+
| EnGarde Secure Linux Security Advisory               November 14, 2002 |
|
http://www.engardelinux.org/                          ESA-20021114-029 |
|                                                                        |
| Packages: bind-chroot, bind-chroot-utils                               |
| Summary:  buffer overflow, DoS attacks.                                |
+------------------------------------------------------------------------+

  EnGarde Secure Linux is a secure distribution of Linux that features
 improved access control, host and network intrusion detection, Web
 based secure remote management, e-commerce, and integrated open source
 security tools.

OVERVIEW
- --------
 Several vulnerabilities were found in the BIND nameserver.  The
 vulnerabilities, discovered by ISS, range from buffer overflows to
 denial of service (DoS) attacks.

  The summaries below are from the ISS advisory which may be found at:

    http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21469

  * CAN-2002-1219 -- BIND SIG Cached RR Overflow Vulnerability

    "A buffer overflow exists in BIND 4 and 8 that may lead to remote
    compromise of vulnerable DNS servers. An attacker who controls any
    authoritative DNS server may cause BIND to cache DNS information
    within its internal database, if recursion is enabled. Recursion is
    enabled by default unless explicitly disabled via command line
    options or in the BIND configuration file. Attackers must either
    create their own name server that is authoritative for any domain,
    or compromise any other authoritative server with the same criteria.
    Cached information is retrieved when requested by a DNS client. There
    is a flaw in the formation of DNS responses containing SIG resource
    records (RR) that can lead to buffer overflow and execution of
    arbitrary code."

  * CAN-2002-1220 -- BIND OPT DoS

    "Recursive BIND 8 servers can be caused to abruptly terminate due to
    an assertion failure. A client requesting a DNS lookup on a
    nonexistent sub- domain of a valid domain name may cause BIND 8 to
    terminate by attaching an OPT resource record with a large UDP
    payload size. This DoS may also be triggered for queries on domains
    whose authoritative DNS servers are unreachable."

  * CAN-2002-1221 -- BIND SIG Expiry Time DoS

    "Recursive BIND 8 servers can be caused to abruptly terminate due to a
    null pointer dereference. An attacker who controls any authoritative
    name server may cause vulnerable BIND 8 servers to attempt to cache
    SIG RR elements with invalid expiry times. These are removed from the
    BIND internal database, but later improperly referenced, leading to a
    DoS condition."

  All users should upgrade as soon as possible.

SOLUTION
- --------
 Users of the EnGarde Professional edition can use the Guardian Digital
 Secure Network to update their systems automatically.

  EnGarde Community users should upgrade to the most recent version
 as outlined in this advisory.  Updates may be obtained from:

    ftp://ftp.engardelinux.org/pub/engarde/stable/updates/
   
http://ftp.engardelinux.org/pub/engarde/stable/updates/

  Before upgrading the package, the machine must either:

    a) be booted into a "standard" kernel; or
   b) have LIDS disabled.

  To disable LIDS, execute the command:

    # /sbin/lidsadm -S -- -LIDS_GLOBAL

  To install the updated package, execute the command:

    # rpm -Uvh files

  You must now update the LIDS configuration by executing the command:

    # /usr/sbin/config_lids.pl

  To re-enable LIDS (if it was disabled), execute the command:

    # /sbin/lidsadm -S -- +LIDS_GLOBAL

  To verify the signatures of the updated packages, execute the command:

    # rpm -Kv files

UPDATED PACKAGES
- ----------------
 These updated packages are for EnGarde Secure Linux Community
 Edition.

  Source Packages:

    SRPMS/bind-chroot-8.2.6-1.0.29.src.rpm
     MD5 Sum: 3c845d09bcbe9b07e5395d75a8686689

  Binary Packages:

    i386/bind-chroot-8.2.6-1.0.29.i386.rpm
     MD5 Sum: 0c1daf47be94ae0fd5a29e4007bf68c2

    i386/bind-chroot-utils-8.2.6-1.0.29.i386.rpm
     MD5 Sum: 58e0e54d895b8dc3c6f6b5e9228912fb

    i686/bind-chroot-8.2.6-1.0.29.i686.rpm
     MD5 Sum: 84cb58f02d228859a2fbda3ed1b46dd5

    i686/bind-chroot-utils-8.2.6-1.0.29.i686.rpm
     MD5 Sum: 20fb3e4a34cecb431511308afe027941

REFERENCES
- ----------
 Guardian Digital's public key:
   
http://ftp.engardelinux.org/pub/engarde/ENGARDE-GPG-KEY

  BIND's Official Web Site:
   
http://www.isc.org/products/BIND/

  Security Contact:   security@guardiandigital.com
 EnGarde Advisories:
http://www.engardelinux.org/advisories.html

- --------------------------------------------------------------------------
$Id: ESA-20021114-029-bind-chroot,v 1.4 2002/11/14 10:02:51 rwm Exp $
- --------------------------------------------------------------------------
Author: Ryan W. Maple <ryan@guardiandigital.com>
Copyright 2002, Guardian Digital, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see
http://www.gnupg.org

iD8DBQE903h0HD5cqd57fu0RAgQ2AJ4h+6JBMcFRlC3vKwfRi7dnMRE69ACbBQoO
jReNCYKqxnuwuvOLsRqhznY=
=9v8+
-----END PGP SIGNATURE-----

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

FreeBSD

Notified:  November 12, 2002 Updated:  November 14, 2002

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please see ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:43.bind.asc

If you have feedback, comments, or additional information about this vulnerability, please send us email.

IBM

Notified:  November 12, 2002 Updated:  November 18, 2002

Status

  Vulnerable

Vendor Statement

The AIX operating system is vulnerable to the named and DNS resolver issues in releases 4.3.3, 5.1.0 and 5.2.0. Temporary patches will be available through an efix package by 11/22/2002 or before. The efix will be available at the following URL:

In the interim, customers may want to implement the workarounds given in the Solutions section to limit their exposure.

The following APARs will be available in the near future:
    AIX 4.3.3 APAR IY37088 (available approx 11/27/2002 )
    AIX 5.1.0 APAR IY37019 (available approx 12/18/2002 )
    AIX 5.2.0 APAR TBA (available approx TBA )

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

ISC

Notified:  November 12, 2002 Updated:  November 12, 2002

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

MandrakeSoft

Notified:  November 12, 2002 Updated:  November 14, 2002

Status

  Vulnerable

Vendor Statement

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

                Mandrake Linux Security Update Advisory
________________________________________________________________________

Package name:           bind
Advisory ID:            MDKSA-2002:077
Date:                   November 14th, 2002

Affected versions:      7.2, Single Network Firewall 7.2
________________________________________________________________________

Problem Description:

 Several vulnerabilities were discovered in the BIND8 DNS server by ISS
(Internet Security Services), including a remotely exploitable buffer
overflow.  The first vulnerability is how named handles SIG records;
this buffer overflow can be exploited to obtain access to the victim
host with the privilege of the user the named process is running as.
By default, Mandrake Linux is configured to run the named process as
the named user.  To successfully exploit this vulnerability, the
attacker must control an existing DNS domain and must be allowed to
perform a recursive query.

 A possible work-around is to restrict recursive requests, however
MandrakeSoft encourages all users to upgrade to the provided BIND9
packages.  You can also completely disable recursion by adding
"recursion no;" to the options section of /etc/named.conf.

 Several Denial of Service problems also exist in BIND8 that allow
attackers to terminate the named process.  At least one of these
vulnerabilities seems to be exploitable even when the attacker is
not permitted to perform recursive queries, so the work-around noted
above is not effective against this DoS.

 Both problems are not reported to effect BIND9.  As Linux-Mandrake
7.2 and Single Network Firewall 7.2 are the only supported distributions
to still ship BIND8, we have elected to upgrade to both a patched
version of BIND8 and BIND9.  The BIND8 packages contain the patch
ISC made available late on the 13th, contrary to their original
advisory which called for them to be made available next week.  Despite
this, however, MandrakeSoft encourages everyone who is able to upgrade
to BIND9 rather than BIND8.

 The MandrakeSoft security team wishes to apologize to MandrakeSoft
customers for not being able to provide timely fixes for this problem,
and regrets the inability of the ISC to work with the Internet community
at large to provide adequate protection to users of BIND.
________________________________________________________________________

References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1219
 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1220
 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1221
 
http://www.kb.cert.org/vuls/id/852283
 
http://www.kb.cert.org/vuls/id/229595
 
http://www.isc.org/products/BIND/bind-security.html
 
http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21469
________________________________________________________________________

Updated Packages:

 Linux-Mandrake 7.2:
f3ca1559f7d2fbe17a2ec6dab327bb7e  7.2/RPMS/bind-8.3.3-2.1mdk.i586.rpm
0ccd937ec59aa9775f79b05f62d4718c  7.2/RPMS/bind-9.2.1-2.3mdk.i586.rpm
783ab2327c7e7983a07a8043d3355bbb  7.2/RPMS/bind-devel-8.3.3-2.1mdk.i586.rpm
bbf717f0f71098ab6c2293d9dbd1c1bd  7.2/RPMS/bind-devel-9.2.1-2.3mdk.i586.rpm
47a2418adcd190b22956407a667fbc9e  7.2/RPMS/bind-utils-8.3.3-2.1mdk.i586.rpm
56b9c086c299cdfd367ae87f14db711b  7.2/RPMS/bind-utils-9.2.1-2.3mdk.i586.rpm
df34fbecce2e6c61695fcee11a525fea  7.2/RPMS/caching-nameserver-8.1-3.2mdk.noarch.rpm
f9d914230ec37be01ad4d00abcde0280  7.2/SRPMS/bind-8.3.3-2.1mdk.src.rpm
8660bd628168c52478b0f766d0ab676c  7.2/SRPMS/bind-9.2.1-2.3mdk.src.rpm
904b9064763803d24afc79e7140146a4  7.2/SRPMS/caching-nameserver-8.1-3.2mdk.src.rpm

 Single Network Firewall 7.2:
f3ca1559f7d2fbe17a2ec6dab327bb7e  snf7.2/RPMS/bind-8.3.3-2.1mdk.i586.rpm
0ccd937ec59aa9775f79b05f62d4718c  snf7.2/RPMS/bind-9.2.1-2.3mdk.i586.rpm
47a2418adcd190b22956407a667fbc9e  snf7.2/RPMS/bind-utils-8.3.3-2.1mdk.i586.rpm
56b9c086c299cdfd367ae87f14db711b  snf7.2/RPMS/bind-utils-9.2.1-2.3mdk.i586.rpm
df34fbecce2e6c61695fcee11a525fea  snf7.2/RPMS/caching-nameserver-8.1-3.2mdk.noarch.rpm
f9d914230ec37be01ad4d00abcde0280  snf7.2/SRPMS/bind-8.3.3-2.1mdk.src.rpm
8660bd628168c52478b0f766d0ab676c  snf7.2/SRPMS/bind-9.2.1-2.3mdk.src.rpm
904b9064763803d24afc79e7140146a4  snf7.2/SRPMS/caching-nameserver-8.1-3.2mdk.src.rpm
________________________________________________________________________

Bug IDs fixed (see https://qa.mandrakesoft.com for more information):
________________________________________________________________________

To upgrade automatically, use MandrakeUpdate.  The verification of md5
checksums and GPG signatures is performed automatically for you.

If you want to upgrade manually, download the updated package from one
of our FTP server mirrors and upgrade with "rpm -Fvh *.rpm".  A list of
FTP mirrors can be obtained from:

  http://www.mandrakesecure.net/en/ftp.php

Please verify the update prior to upgrading to ensure the integrity of
the downloaded package.  You can do this with the command:

  rpm --checksig <filename>

All packages are signed by MandrakeSoft for security.  You can obtain
the GPG public key of the Mandrake Linux Security Team from:

  https://www.mandrakesecure.net/RPM-GPG-KEYS

Please be aware that sometimes it takes the mirrors a few hours to
update.

You can view other update advisories for Mandrake Linux at:

  http://www.mandrakesecure.net/en/advisories/

MandrakeSoft has several security-related mailing list services that
anyone can subscribe to.  Information on these lists can be obtained by
visiting:

  http://www.mandrakesecure.net/en/mlist.php

If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
 <security linux-mandrake.com>

- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.7 (GNU/Linux)

mQGiBDlp594RBAC2tDozI3ZgQsE7XwxurJCJrX0L5vx7SDByR5GHDdWekGhdiday
L4nfUax+SeR9SCoCgTgPW1xB8vtQc8/sinJlMjp9197a2iKM0FOcPlkpa3HcOdt7
WKJqQhlMrHvRcsivzcgqjH44GBBJIT6sygUF8k0lU6YnMHj5MPc/NGWt8wCg9vKo
P0l5QVAFSsHtqcU9W8cc7wMEAJzQsAlnvPXDBfBLEH6u7ptWFdp0GvbSuG2wRaPl
hynHvRiE01ZvwbJZXsPsKm1z7uVoW+NknKLunWKB5axrNXDHxCYJBzY3jTeFjsqx
PFZkIEAQphLTkeXXelAjQ5u9tEshPswEtMvJvUgNiAfbzHfPYmq8D6x5xOw1IySg
2e/LBACxr2UJYCCB2BZ3p508mAB0RpuLGukq+7UWiOizy+kSskIBg2O7sQkVY/Cs
iyGEo4XvXqZFMY39RBdfm2GY+WB/5NFiTOYJRKjfprP6K1YbtsmctsX8dG+foKsD
LLFs7OuVfaydLQYp1iiN6D+LJDSMPM8/LCWzZsgr9EKJ8NXiyrQ6TGludXggTWFu
ZHJha2UgU2VjdXJpdHkgVGVhbSA8c2VjdXJpdHlAbGludXgtbWFuZHJha2UuY29t
PohWBBMRAgAWBQI5aefeBAsKBAMDFQMCAxYCAQIXgAAKCRCaqNDQIkWKmK6LAKCy
/NInDsaMSI+WHwrquwC5PZrcnQCeI+v3gUDsNfQfiKBvQSANu1hdulqIRgQQEQIA
BgUCOtNVGQAKCRBZ5w3um0pAJJWQAKDUoL5He+mKbfrMaTuyU5lmRyJ0fwCgoFAP
WdvQlu/kFjphF740XeOwtOqIRgQQEQIABgUCOu8A6QAKCRBynDnb9lq3CnpjAJ4w
Pk0SEE9U4r40IxWpwLU+wrWVugCdFfSPllPpZRCiaC7HwbFcfExRmPaIRgQQEQIA
BgUCPI+UAwAKCRDniYrgcHcf8xK5AKCm/Mq8qP8GE0o1hEX22QsJMZwH5gCfZ72H
8TacOb3oAmBdprf+K6gkdOiIRgQQEQIABgUCOtOieAAKCRCv2bZyU0yB80MeAJ9K
+jXt0cKuaUonRU+CRGetk6t9dgCfTRRL6/puOKdD6md70+K5EBBSvsG0OE1hbmRy
YWtlIExpbnV4IFNlY3VyaXR5IFRlYW0gPHNlY3VyaXR5QG1hbmRyYWtlc29mdC5j
b20+iFcEExECABcFAjyPnuUFCwcKAwQDFQMCAxYCAQIXgAAKCRCaqNDQIkWKmFi+
AJsHhohgnU3ik4+gy3EdFlB2i/MBoACg6lHn5cnVvTcmgNccWxeNxLLZI5e5AQ0E
OWnn7xAEAOQlTVY4TiNo5V/iP0J1xnqjqlqZsU7yEBKo/gZz6/+hx75RURe1ebiJ
9F779FQbpJ9Epz1KLSXvq974rnVb813zuGdmgFyk+ryA/rTR2RQ8h+EoNkwmATzR
xBXVJb57fFQjxOu4eNjZAtfII/YXb0uyXXrdr5dlJ/3eXrcO4p0XAAMFBACCxo6Z
269s+A4v8C6Ui12aarOQcCDlV8cVG9LkyatU3FNTlnasqwo6EkaP572448weJWwN
6SCXVl+xOYLiK0hL/6Jb/O9Agw75yUVdk+RMM2I4fNEi+y4hmfMh2siBv8yEkEvZ
jTcl3TpkTfzYky85tu433wmKaLFOv0WjBFSikohGBBgRAgAGBQI5aefvAAoJEJqo
0NAiRYqYid0AoJgeWzXrEdIClBOSW5Q6FzqJJyaqAKC0Y9YI3UFlE4zSIGjcFlLJ
EJGXlA==
=yGlX
- -----END PGP PUBLIC KEY BLOCK-----

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9083UmqjQ0CJFipgRAnHHAKCpU7M0s+/oktmfBXt3YmuV0Fk9EgCgxqKw
0TMmPB4TZgcFOv+PVexxc58=
=01Zu
-----END PGP SIGNATURE-----

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Nortel Networks

Notified:  November 12, 2002 Updated:  December 03, 2002

Status

  Vulnerable

Vendor Statement

"NetID version 4.3.1 and below is affected by the vulnerabilities identified in CERT/CC Advisory CA-2002-31. A bulletin and patched builds are available from the following Nortel Networks support contacts:


    North America: 1-800-4NORTEL or 1-800-466-7835
    Europe, Middle East and Africa: 00800 8008 9009, or +44 (0) 870 907 9009

Optivity NMS is not affected.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Openwall GNU/*/Linux

Notified:  November 12, 2002 Updated:  December 03, 2002

Status

  Vulnerable

Vendor Statement

BIND 4.9.10-OW2 includes the patch provided by ISC and thus has the two vulnerabilities affecting BIND 4 fixed. Previous versions of BIND 4.9.x-OW patches, if used properly, significantly reduced the impact of the "named" vulnerability. The patches are available at their usual location:

A patch against BIND 4.9.11 will appear as soon as this version is officially released, although it will likely be effectively the same as the currently available 4.9.10-OW2.

It hasn't been fully researched whether the resolver code in glibc,and in particular on Openwall GNU/*/Linux, shares any of the newly discovered BIND 4 resolver library vulnerabilities. Analysis is in progress.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Red Hat Inc.

Notified:  November 12, 2002 Updated:  November 13, 2002

Status

  Vulnerable

Vendor Statement

Older releases (6.2, 7.0) of Red Hat Linux shipped with versions of BIND which may be vulnerable to these issues however a Red Hat security advisory in July 2002 upgraded all our supported distributions to BIND 9.2.1 which is not vulnerable to these issues.

All users who have BIND installed should ensure that they are running these updated versions of BIND.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

SuSE Inc.

Notified:  November 12, 2002 Updated:  November 14, 2002

Status

  Vulnerable

Vendor Statement

-----BEGIN PGP SIGNED MESSAGE-----

______________________________________________________________________________

                        SuSE Security Announcement

        Package:                bind8
       Announcement-ID:        SuSE-SA:2002:044
       Date:                   Wed Nov 13 17:00:00 CET 2002
       Affected products:      (7.0), 7.1, 7.2, 7.3, 8.0, 8.1,
SuSE Linux Database Server
SuSE eMail Server III, 3.1
SuSE Firewall
SuSE Linux Enterprise Server for S/390
SuSE Linux Connectivity Server
SuSE Linux Enterprise Server 7
SuSE Linux Office Server
       Vulnerability Type:     remote command execution
       Severity (1-10):        8
       SuSE default package:   yes
       Cross References:       CVE CAN-2002-1219,
CAN-2002-1220, CAN-2002-1221,
http://www.isc.org/products/BIND/bind-security.html
http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21469

    Content of this advisory:
       1) security vulnerability resolved: Remote command execution
  in bind8 name server.
          problem description, discussion, solution and upgrade information
       2) pending vulnerabilities, solutions, workarounds: BIND4, reports
  of trojanized tcpdump/libpcap
       3) standard appendix (further information)

______________________________________________________________________________

1)  problem description, brief discussion, solution, upgrade information

    The security research company ISS (Internet Security Services)
   has discovered several vulnerabilities in the BIND8 name server,
   including a remotely exploitable buffer overflow.

    Circumstancial evidence suggests that the Internet Software
   Consortium (maintainer of BIND) has been made aware of these issues
   in mid-October. Distributors of Open Source operating systems,
   including SuSE, were notified of these vulnerabilities via CERT
   approximately 12 hours before the release of the advisories by ISS
   and ISC on Tue, Nov 12. This notification did not include any details
   that allowed us to identify the vulnerable code, much less prepare
   a fix. Mails to ISC went unanswered for 36 hours.

    The SuSE security team regrets that the Internet Software Consortium
   has withheld vital information from the Internet community for so long,
   putting the majority of BIND users at risk. We would like to express
   our concern that the approach chosen by ISC and ISS is likely to
   erode trust in the security community if it becomes a model for dealing
   with security issues.

    We apologize to SuSE customers for not being able to provide timely
   fixes for this problem.

    The advisories by ISS and ISC mention the following problems
   in detail:

     1.There is a buffer overflow in the way named handles
       SIG records. This buffer overflow can be exploited to
       obtain access to the victim host under the account
       the named process is running with.

In order to exploit this problem, the attacker must
control an existing DNS domain, and must be allowed
to perform a recursive query.

The impact of this vulnerability is serious.

In all SuSE products, named is configured to run as user "named"
by default, so a potential attacker or virus/worm does not get
immediate root access. However, this is merely an additional
obstacle the attacker faces. It may be possible for the attacker
to exploit other, unpatched local vulnerabilities such as the
recently announced traceroute hole to obtain root privilege. It
may also be possible for an attacker to obtain increased privilege
by manipulating the DNS zones served by the victim BIND server.

We recommend to upgrade to the provided packages. If this is
not possible, we recommend to restrict recursive requests as a
workaround. This can be done by adding a statement such as the
following to /etc/named.conf:

options {
... existing options ...

# Restrict recursive queries to 192.168.1.*,
# except 192.168.1.254.
# Order does matter.
allow-recursion {
!192.168.1.254;
192.168.1/24;
};
};

Alternatively, you can add "recursion no;" to the options
section to turn off recursion completely.

     2.There are several Denial Of Service problems in BIND8
       that allow remote attackers to terminate the name server
       process.

At least one of these vulnerabilities seems to be exploitable
even when the attacker is not allowed to perform recursive
queries, so that the workaround suggested above is not
effective against this bug.

    Both vulnerabilities are addressed by this update, using patches
   originating from ISC.

    Due to the severity of this issue, we will provide update packages
   for SuSE Linux 7.0, even though support for this product has officially
   been discontinued.

    Please download the update package for your distribution and verify its
   integrity by the methods listed in section 3) of this announcement.
   Then, install the packages using the command "rpm -Fhv file.rpm" to apply
   the update. After updating, make sure to restart the name server
   process by issuing the following command as root:

    rcnamed restart

    Our maintenance customers are being notified individually. The packages
   are being offered to install from the maintenance web.




    Intel i386 Platform:

    SuSE-8.1:
   
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/bind8-8.2.4-260.i586.rpm
     e1c07d8c1dd74374cc37e7fa692c9de1
   
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/bindutil-8.2.4-260.i586.rpm
     b41734970bf88aa7b5d3debbf834b78d
   
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/bind8-devel-8.2.4-260.i586.rpm
     f7236e5e621725e100dbd204e2692a66
   source rpm(s):
   
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/src/bind8-8.2.4-260.src.rpm
     02154fbdc935a2900d70ce6a16e96543

    SuSE-8.0:
   
ftp://ftp.suse.com/pub/suse/i386/update/8.0/n2/bind8-8.2.4-260.i386.rpm
     07bc10c5c348c560084edb3c289459c9
   
ftp://ftp.suse.com/pub/suse/i386/update/8.0/n1/bindutil-8.2.4-260.i386.rpm
     4db27e9ad4ae038d81422a0c5b9a34d0
   
ftp://ftp.suse.com/pub/suse/i386/update/8.0/n4/bind8-devel-8.2.4-260.i386.rpm
     a1b3958e0fbaed30ddecbf7753007dbf
   source rpm(s):
   
ftp://ftp.suse.com/pub/suse/i386/update/8.0/zq1/bind8-8.2.4-260.src.rpm
     0b66ae2b5c462f041625919fed7ab089

    SuSE-7.3:
   
ftp://ftp.suse.com/pub/suse/i386/update/7.3/n2/bind8-8.2.4-261.i386.rpm
     fe0654b3de751533874b08a860afea5e
   
ftp://ftp.suse.com/pub/suse/i386/update/7.3/n1/bindutil-8.2.4-261.i386.rpm
     043a8c1c0bb2cc23308a614dc7bdc0fe
   
ftp://ftp.suse.com/pub/suse/i386/update/7.3/n2/bind8-devel-8.2.4-261.i386.rpm
     59aca78f5aacb3ff7ecbc252eb760956
   source rpm(s):
   
ftp://ftp.suse.com/pub/suse/i386/update/7.3/zq1/bind8-8.2.4-261.src.rpm
     355add6397435262c597ad662e3df119

    SuSE-7.2:
   
ftp://ftp.suse.com/pub/suse/i386/update/7.2/n2/bind8-8.2.3-200.i386.rpm
     1072a9fe708150bc14c70a72ca42dfd3
   
ftp://ftp.suse.com/pub/suse/i386/update/7.2/n1/bindutil-8.2.3-200.i386.rpm
     0713d9b200db862110493233bc1d8321
   
ftp://ftp.suse.com/pub/suse/i386/update/7.2/n2/bind8-devel-8.2.3-200.i386.rpm
     c681a91b38104cf47de4f4d454136a8a
   source rpm(s):
   
ftp://ftp.suse.com/pub/suse/i386/update/7.2/zq1/bind8-8.2.3-200.src.rpm
     8f51737bc0c84b7be08fe3bb1d4012b4

    SuSE-7.1:
   
ftp://ftp.suse.com/pub/suse/i386/update/7.1/n2/bind8-8.2.3-200.i386.rpm
     f2c14f81038d7ba952def27981b4599c
   
ftp://ftp.suse.com/pub/suse/i386/update/7.1/n1/bindutil-8.2.3-200.i386.rpm
     961a5403a41e8031c054a081ebf92ba5
   source rpm(s):
   
ftp://ftp.suse.com/pub/suse/i386/update/7.1/zq1/bind8-8.2.3-200.src.rpm
     7f3c9b95591fb22f00dc0b22cdd5fcf1

    SuSE-7.0:
   
ftp://ftp.suse.com/pub/suse/i386/update/7.0/n1/bind8-8.2.3-200.i386.rpm
     0a6b9e23cefa5cd9f06660571ebf85ff
   
ftp://ftp.suse.com/pub/suse/i386/update/7.0/n1/bindutil-8.2.3-200.i386.rpm
     3a6e0e81c2d8b05ee01a2a0b9c26e9a4
   source rpm(s):
   
ftp://ftp.suse.com/pub/suse/i386/update/7.0/zq1/bind8-8.2.3-200.src.rpm
     1c2cb2e531fe2834de84b22ad714de68



    Sparc Platform:

    SuSE-7.3:
   
ftp://ftp.suse.com/pub/suse/sparc/update/7.3/n2/bind8-8.2.4-128.sparc.rpm
     c08454b933ed2365d9d2ab1322803af6
   
ftp://ftp.suse.com/pub/suse/sparc/update/7.3/n1/bindutil-8.2.4-128.sparc.rpm
     47e063be85fadfa2e5d0fce1746a34b5
   
ftp://ftp.suse.com/pub/suse/sparc/update/7.3/n2/bind8-devel-8.2.4-128.sparc.rpm
     46a97b033cca0a01dcb39ef90275ce46
   source rpm(s):
   
ftp://ftp.suse.com/pub/suse/sparc/update/7.3/zq1/bind8-8.2.4-128.src.rpm
     827a7f56273c7a25ac40ffba728e9150




    AXP Alpha Platform:

    SuSE-7.1:
   
ftp://ftp.suse.com/pub/suse/axp/update/7.1/n2/bind8-8.2.3-139.alpha.rpm
     77f39990fabacb545657236a60fecbe0
   
ftp://ftp.suse.com/pub/suse/axp/update/7.1/n1/bindutil-8.2.3-139.alpha.rpm
     33bf9f28a7c9105c84216906694c7b7c
   source rpm(s):
   
ftp://ftp.suse.com/pub/suse/axp/update/7.1/zq1/bind8-8.2.3-139.src.rpm
     df347649fc98de695837a88452814ee6

    SuSE-7.0:
   
ftp://ftp.suse.com/pub/suse/axp/update/7.0/n1/bind8-8.2.3-139.alpha.rpm
     23f307cda6a0eefb3d9f1a0439950bdd
   
ftp://ftp.suse.com/pub/suse/axp/update/7.0/n1/bindutil-8.2.3-139.alpha.rpm
     0789b49749d93ddd79192506cda00f7a
   source rpm(s):
   
ftp://ftp.suse.com/pub/suse/axp/update/7.0/zq1/bind8-8.2.3-139.src.rpm
     356306a7f2c079e2726b3aa8da496e9b



    PPC Power PC Platform:

    SuSE-7.3:
   
ftp://ftp.suse.com/pub/suse/ppc/update/7.3/n2/bind8-8.2.4-200.ppc.rpm
     4cbeb4719625f8735ec03c27e1b27b85
   
ftp://ftp.suse.com/pub/suse/ppc/update/7.3/n1/bindutil-8.2.4-200.ppc.rpm
     37fca302d72c819e713f8038d730a527
   
ftp://ftp.suse.com/pub/suse/ppc/update/7.3/n2/bind8-devel-8.2.4-200.ppc.rpm
     f0f5cb7b808789606448a4d472c71400
   source rpm(s):
   
ftp://ftp.suse.com/pub/suse/ppc/update/7.3/zq1/bind8-8.2.4-200.src.rpm
     5c810e6f144d0f2875bb06d2331f50d8

    SuSE-7.1:
   
ftp://ftp.suse.com/pub/suse/ppc/update/7.1/n2/bind8-8.2.3-121.ppc.rpm
     47fcc451954f03a915b57b500bd56c57
   
ftp://ftp.suse.com/pub/suse/ppc/update/7.1/n1/bindutil-8.2.3-121.ppc.rpm
     2c0de3b64d5c3d62cb840a534911ef31
   source rpm(s):
   
ftp://ftp.suse.com/pub/suse/ppc/update/7.1/zq1/bind8-8.2.3-121.src.rpm
     235e142413ec35bcbdb86168b04b7a78

    SuSE-7.0:
   
ftp://ftp.suse.com/pub/suse/ppc/update/7.0/n1/bind8-8.2.3-121.ppc.rpm
     44dc01f6b4fae1dfd87874db6d42e8d9
   
ftp://ftp.suse.com/pub/suse/ppc/update/7.0/n1/bindutil-8.2.3-121.ppc.rpm
     d46f45bef0f12c3c5b071443ac9e7f13
   source rpm(s):
   
ftp://ftp.suse.com/pub/suse/ppc/update/7.0/zq1/bind8-8.2.3-121.src.rpm
     1bac32496ae66d4b0e35bc34d4e500ff

______________________________________________________________________________

2)  Pending vulnerabilities in SuSE Distributions and Workarounds:

    BIND4
In addition to the vulnerabilities in BIND8 discussed above, ISS
report several vulnerabilities in BIND4. As stated previously,
SuSE has discontinued support for BIND4 and recommends that
users upgrade to BIND8 as soon as possible.

    Trojaned libpcap/tcpdump
   There have been reports that the source packages of tcpdump and
libpcap available from several FTP servers have been modified to
include a trojan. We have checked our source packages for this
and found them to be clean.

______________________________________________________________________________

3)  standard appendix: authenticity verification, additional information

  - Package authenticity verification:

    SuSE update packages are available on many mirror ftp servers all over
   the world. While this service is being considered valuable and important
   to the free and open source software community, many users wish to be
   sure about the origin of the package and its content before installing
   the package. There are two verification methods that can be used
   independently from each other to prove the authenticity of a downloaded
   file or rpm package:
   1) md5sums as provided in the (cryptographically signed) announcement.
   2) using the internal gpg signatures of the rpm package.

    1) execute the command
       md5sum <name-of-the-file.rpm>
      after you downloaded the file from a SuSE ftp server or its mirrors.
      Then, compare the resulting md5sum with the one that is listed in the
      announcement. Since the announcement containing the checksums is
      cryptographically signed (usually using the key security@suse.de),
      the checksums show proof of the authenticity of the package.
      We disrecommend to subscribe to security lists which cause the
      email message containing the announcement to be modified so that
      the signature does not match after transport through the mailing
      list software.
      Downsides: You must be able to verify the authenticity of the
      announcement in the first place. If RPM packages are being rebuilt
      and a new version of a package is published on the ftp server, all
      md5 sums for the files are useless.

    2) rpm package signatures provide an easy way to verify the authenticity
      of an rpm package. Use the command
       rpm -v --checksig <file.rpm>
      to verify the signature of the package, where <file.rpm> is the
      filename of the rpm package that you have downloaded. Of course,
      package authenticity verification can only target an un-installed rpm
      package file.
      Prerequisites:
       a) gpg is installed
       b) The package is signed using a certain key. The public part of this
          key must be installed by the gpg program in the directory
          ~/.gnupg/ under the user's home directory who performs the
          signature verification (usually root). You can import the key
          that is used by SuSE in rpm packages for SuSE Linux by saving
          this announcement to a file ("announcement.txt") and
          running the command (do "su -" to be root):
           gpg --batch; gpg < announcement.txt | gpg --import
          SuSE Linux distributions version 7.1 and thereafter install the
          key "build@suse.de" upon installation or upgrade, provided that
          the package gpg is installed. The file containing the public key
          is placed at the top-level directory of the first CD (pubring.gpg)
          and at
ftp://ftp.suse.com/pub/suse/pubring.gpg-build.suse.de .


  - SuSE runs two security mailing lists to which any interested party may
   subscribe:

    suse-security@suse.com
       -   general/linux/SuSE security discussion.
           All SuSE security announcements are sent to this list.
           To subscribe, send an email to
               <suse-security-subscribe@suse.com>.

    suse-security-announce@suse.com
       -   SuSE's announce-only mailing list.

            Only SuSE's security announcements are sent to this list.
           To subscribe, send an email to
               <suse-security-announce-subscribe@suse.com>.

    For general information or the frequently asked questions (faq)
   send mail to:
       <suse-security-info@suse.com> or
       <suse-security-faq@suse.com> respectively.

    =====================================================================
   SuSE's security contact is <security@suse.com> or <security@suse.de>.
   The <security@suse.de> public key is listed below.
   =====================================================================
______________________________________________________________________________

    The information in this advisory may be distributed or reproduced,
   provided that the advisory is not modified in any way. In particular,
   it is desired that the clear-text signature shows proof of the
   authenticity of the text.
   SuSE Linux AG makes no warranties of any kind whatsoever with respect
   to the information contained in this security advisory.

Type Bits/KeyID    Date       User ID
pub  2048R/3D25D3D9 1999-03-06 SuSE Security Team <security@suse.de>
pub  1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build@suse.de>

- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see
http://www.gnupg.org

mQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCkYS3yEKeueNWc+z/0Kvff
4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP+Y0PFPboMvKx0FXl/A0d
M+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR8xocQSVCFxcwvwCglVcO
QliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U8c/yE/vdvpN6lF0tmFrK
XBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0ScZqITuZC4CWxJa9GynBE
D3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEhELBeGaPdNCcmfZ66rKUd
G5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtBUVKn4zLUOf6aeBAoV6NM
CC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOoAqajLfvkURHAeSsxXIoE
myW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1nKFvF+rQoU3VTRSBQYWNr
YWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohcBBMRAgAcBQI57vSBBQkD
wmcABAsKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyl8sAJ98BgD40zw0GHJHIf6d
NfnwI2PAsgCgjH1+PnYEl7TFjtZsqhezX7vZvYCIRgQQEQIABgUCOnBeUgAKCRCe
QOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lxyoAejACeOO1HIbActAevk5MUBhNe
LZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWnB/9An5vfiUUE1VQnt+T/EYklES3t
XXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDVwM2OgSEISZxbzdXGnqIlcT08TzBU
D9i579uifklLsnr35SJDZ6ram51/CWOnnaVhUzneOA9gTPSr+/fT3WeVnwJiQCQ3
0kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF5Yryk23pQUPAgJENDEqeU6iIO9Ot
1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3D3EN8C1yPqZd5CvvznYvB6bWBIpW
cRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGuzgpJt9IXSzyohEJB6XG5+D0BiF0E
ExECAB0FAjxqqTQFCQoAgrMFCwcKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyp1f
AJ9dR7saz2KPNwD3U+fy/0BDKXrYGACfbJ8fQcJqCBQxeHvt9yMPDVq0B0W5Ag0E
Oe70khAIAISR0E3ozF/la+oNaRwxHLrCet30NgnxRROYhPaJB/Tu1FQokn2/Qld/
HZnh3TwhBIw1FqrhWBJ7491iAjLR9uPbdWJrn+A7t8kSkPaF3Z/6kyc5a8fas44h
t5h+6HMBzoFCMAq2aBHQRFRNp9Mz1ZvoXXcI1lk1l8OqcUM/ovXbDfPcXsUVeTPT
tGzcAi2jVl9hl3iwJKkyv/RLmcusdsi8YunbvWGFAF5GaagYQo7YlF6UaBQnYJTM
523AMgpPQtsKm9o/w9WdgXkgWhgkhZEeqUS3m5xNey1nLu9iMvq9M/iXnGz4sg6Q
2Y+GqZ+yAvNWjRRou3zSE7Bzg28MI4sAAwYH/2D71Xc5HPDgu87WnBFgmp8MpSr8
QnSs0wwPg3xEullGEocolSb2c0ctuSyeVnCttJMzkukL9TqyF4s/6XRstWirSWaw
JxRLKH6Zjo/FaKsshYKf8gBkAaddvpl3pO0gmUYbqmpQ3xDEYlhCeieXS5MkockQ
1sj2xYdB1xO0ExzfiCiscUKjUFy+mdzUsUutafuZ+gbHog1CN/ccZCkxcBa5IFCH
ORrNjq9pYWlrxsEn6ApsG7JJbM2besW1PkdEoxak74z1senh36m5jQvVjA3U4xq1
wwylxadmmJaJHzeiLfb7G1ZRjZTsB7fyYxqDzMVul6o9BSwO/1XsIAnV1uuITAQY
EQIADAUCOe70kgUJA8JnAAAKCRCoTtronIAKyksiAJsFB3/77SkH3JlYOGrEe1Ol
0JdGwACeKTttgeVPFB+iGJdiwQlxasOfuXyITAQYEQIADAUCPGqpWQUJCgCCxwAK
CRCoTtronIAKyofBAKCSZM2UFyta/fe9WgITK9I5hbxxtQCfX+0ar2CZmSknn3co
SPihn1+OBNyZAQ0DNuEtBAAAAQgAoCRcd7SVZEFcumffyEwfLTcXQjhKzOahzxpo
omuF+HIyU4AGq+SU8sTZ/1SsjhdzzrSAfv1lETACA+3SmLr5KV40Us1w0UC64cwt
A46xowVq1vMlH2Lib+V/qr3b1hE67nMHjysECVx9Ob4gFuKNoR2eqnAaJvjnAT8J
/LoUC20EdCHUqn6v+M9t/WZgC+WNR8cq69uDy3YQhDP/nIan6fm2uf2kSV9A7ZxE
GrwsWl/WX5Q/sQqMWaU6r4az98X3z90/cN+eJJ3vwtA+rm+nxEvyev+jaLuOQBDf
ebh/XA4FZ35xmi+spdiVeJH4F/ubaGlmj7+wDOF3suYAPSXT2QAFEbQlU3VTRSBT
ZWN1cml0eSBUZWFtIDxzZWN1cml0eUBzdXNlLmRlPokBFQMFEDbhLUfkWLKHsco8
RQEBVw4H/1vIdiOLX/7hdzYaG9crQVIk3QwaB5eBbjvLEMvuCZHiY2COUg5QdmPQ
8SlWNZ6k4nu1BLcv2g/pymPUWP9fG4tuSnlUJDrWGm3nhyhAC9iudP2u1YQY37Gb
B6NPVaZiYMnEb4QYFcqv5c/r2ghSXUTYk7etd6SW6WCOpEqizhx1cqDKNZnsI/1X
11pFcO2N7rc6byDBJ1T+cK+F1Ehan9XBt/shryJmv04nli5CXQMEbiqYYMOu8iaA
8AWRgXPCWqhyGhcVD3LRhUJXjUOdH4ZiHCXaoF3zVPxpeGKEQY8iBrDeDyB3wHmj
qY9WCX6cmogGQRgYG6yJqDalLqrDOdmJARUDBRA24S0Ed7LmAD0l09kBAW04B/4p
WH3f1vQn3i6/+SmDjGzUu2GWGq6Fsdwo2hVM2ym6CILeow/K9JfhdwGvY8LRxWRL
hn09j2IJ9P7H1Yz3qDf10AX6V7YILHtchKT1dcngCkTLmDgC4rs1iAAl3f089sRG
BafGPGKv2DQjHfR1LfRtbf0P7c09Tkej1MP8HtQMW9hPkBYeXcwbCjdrVGFOzqx+
AvvJDdT6a+oyRMTFlvmZ83UV5pgoyimgjhWnM1V4bFBYjPrtWMkdXJSUXbR6Q7Pi
RZWCzGRzwbaxqpl3rK/YTCphOLwEMB27B4/fcqtBzgoMOiaZA0M5fFoo54KgRIh0
zinsSx2OrWgvSiLEXXYKiEYEEBECAAYFAjseYcMACgkQnkDjEAAKq6ROVACgjhDM
/3KM+iFjs5QXsnd4oFPOnbkAnjYGa1J3em+bmV2aiCdYXdOuGn4ZiQCVAwUQN7c7
whaQN/7O/JIVAQEB+QP/cYblSAmPXxSFiaHWB+MiUNw8B6ozBLK0QcMQ2YcL6+Vl
D+nSZP20+Ja2nfiKjnibCv5ss83yXoHkYk2Rsa8foz6Y7tHwuPiccvqnIC/c9Cvz
dbIsdxpfsi0qWPfvX/jLMpXqqnPjdIZErgxpwujas1n9016PuXA8K3MJwVjCqSKI
RgQQEQIABgUCOhpCpAAKCRDHUqoysN/3gCt7AJ9adNQMbmA1iSYcbhtgvx9ByLPI
DgCfZ5Wj+f7cnYpFZI6GkAyyczG09sE=
=LRKC
- -----END PGP PUBLIC KEY BLOCK-----

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see
http://www.gnupg.org

iQEVAwUBPdN4f3ey5gA9JdPZAQFYfgf/fBA6GtBHgChwqbfDmnbp0BQWrvnJKv97
4rwnnoF2HqsHRdR6d5W8xF4EOJaedzhotTFUDmy2CWUabWdpCgac79JSQ8iI+P8G
N/Uv4o5kloBuvahTk0GHDoG5HVLQCaPbLZUnAWxcYzu57oQ+HaGJTF49cVfZhVkD
KCGBwMgYwpWNUNQ3QcOl8liPqrNj6K512J4AivnjkCuXO0fsiXTuR7rPg7NgZzVn
BoXhyt0Hvvk1zkkMf4JMGATdl6V5t2sK3YBsKPWEnd0yB3vqNYs3LUH3ArctsUXP
c6DMP9p6++OJySP+Bb6Mg3h7JCbLqBMuuElppEbcApnE6JXFhGozBQ==
=GZ1Z
-----END PGP SIGNATURE-----

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Cray Inc.

Notified:  November 12, 2002 Updated:  November 14, 2002

Status

  Not Vulnerable

Vendor Statement

Cray Inc. is not vulnerable.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

InfoBlox

Notified:  November 12, 2002 Updated:  October 18, 2004

Status

  Not Vulnerable

Vendor Statement

The Infoblox DNS One product is not vulnerable.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Microsoft Corporation

Notified:  November 12, 2002 Updated:  November 14, 2002

Status

  Not Vulnerable

Vendor Statement

Microsoft products do not use the program in question. Microsoft products are not affected by this issue.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

MontaVista Software

Notified:  November 12, 2002 Updated:  November 13, 2002

Status

  Not Vulnerable

Vendor Statement

MontaVista ships BIND 9, thus is not vulnerably to these advisories.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Nominum

Notified:  November 12, 2002 Updated:  November 13, 2002

Status

  Not Vulnerable

Vendor Statement

Nominum "Foundation" Authoritative Name Server (ANS) is not affected by this vulnerability. Also, Nominum "Foundation" Caching Name Server (CNS) is not affected by this vulnerability. Nominum's commercial DNS server products, which are part of Nominum "Foundation" IP Address Suite, are not based on BIND and do not contain any BIND code, and so are not affected by vulnerabilities discovered in any version of BIND.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

3Com

Notified:  November 12, 2002 Updated:  November 12, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

AT&T

Notified:  November 12, 2002 Updated:  November 12, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Adns

Notified:  November 12, 2002 Updated:  November 12, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Aladdin Knowledge Systems

Notified:  November 12, 2002 Updated:  November 12, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Alcatel

Notified:  November 12, 2002 Updated:  November 12, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Apache

Notified:  November 12, 2002 Updated:  November 12, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Apache-SSL

Notified:  November 12, 2002 Updated:  November 12, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Avaya

Notified:  November 12, 2002 Updated:  November 12, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

BSDI

Notified:  November 12, 2002 Updated:  November 12, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

BlueCat Networks

Notified:  November 12, 2002 Updated:  November 12, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Check Point

Notified:  November 12, 2002 Updated:  November 12, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Cisco Systems Inc.

Notified:  November 12, 2002 Updated:  November 12, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Cistron

Notified:  November 12, 2002 Updated:  November 12, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Command Software

Notified:  November 12, 2002 Updated:  November 12, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Compaq Computer Corporation

Notified:  November 12, 2002 Updated:  November 12, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Computer Associates

Notified:  November 12, 2002 Updated:  November 12, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Covalent

Notified:  November 12, 2002 Updated:  November 12, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

CyberSoft

Notified:  November 12, 2002 Updated:  November 12, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

D-Link Systems

Notified:  November 12, 2002 Updated:  November 12, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Data Fellows

Notified:  November 12, 2002 Updated:  November 12, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Data General

Notified:  November 12, 2002 Updated:  November 12, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

F-Secure

Notified:  November 12, 2002 Updated:  November 12, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

F5 Networks

Notified:  November 12, 2002 Updated:  November 12, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Finjan Software

Notified:  November 12, 2002 Updated:  November 12, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

FreeRADIUS

Notified:  November 12, 2002 Updated:  November 12, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Fujitsu

Notified:  November 12, 2002 Updated:  November 12, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Funk Software

Notified:  November 12, 2002 Updated:  November 12, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

GFI Software

Notified:  November 12, 2002 Updated:  November 12, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

GNU glibc

Notified:  November 12, 2002 Updated:  November 12, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Hewlett-Packard Company

Notified:  November 12, 2002 Updated:  November 12, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

IPlanet

Notified:  November 12, 2002 Updated:  November 12, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Inner Cite

Notified:  November 12, 2002 Updated:  November 12, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Intel

Notified:  November 12, 2002 Updated:  November 12, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Interlink Networks

Notified:  November 12, 2002 Updated:  November 12, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Intersoft International Inc.

Notified:  November 12, 2002 Updated:  November 12, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Jkuo

Notified:  November 12, 2002 Updated:  November 12, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Juniper Networks

Notified:  November 12, 2002 Updated:  November 12, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

KTH Kerberos

Notified:  November 12, 2002 Updated:  November 12, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Lachman

Notified:  November 12, 2002 Updated:  November 12, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Lotus Software

Notified:  November 12, 2002 Updated:  November 12, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Lucent Technologies

Notified:  November 12, 2002 Updated:  November 12, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Macromedia Inc.

Notified:  November 12, 2002 Updated:  November 12, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Mei

Notified:  November 12, 2002 Updated:  November 12, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Men&Mice

Notified:  November 12, 2002 Updated:  November 12, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

MetaSolv Software Inc.

Notified:  November 12, 2002 Updated:  November 12, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

MiT Kerberos Development Team

Notified:  November 12, 2002 Updated:  November 12, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

NCFTP Software

Notified:  November 12, 2002 Updated:  November 12, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

NCSA

Notified:  November 12, 2002 Updated:  November 12, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

NEC Corporation

Notified:  November 12, 2002 Updated:  November 12, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

NeXT

Notified:  November 12, 2002 Updated:  November 12, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

NetSNMP

Notified:  November 12, 2002 Updated:  November 12, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Network Appliance

Notified:  November 12, 2002 Updated:  November 12, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Network Associates

Notified:  November 12, 2002 Updated:  November 12, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Nixu

Notified:  November 12, 2002 Updated:  November 12, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Nokia

Notified:  November 12, 2002 Updated:  November 12, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Open Group

Notified:  November 12, 2002 Updated:  November 12, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

OpenBSD

Notified:  November 12, 2002 Updated:  November 12, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Oracle Corporation

Notified:  November 12, 2002 Updated:  November 12, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

PSPL

Notified:  November 12, 2002 Updated:  November 12, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Process Software

Notified:  November 12, 2002 Updated:  November 12, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Putty

Notified:  November 12, 2002 Updated:  November 12, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

RADIUS

Notified:  November 12, 2002 Updated:  November 12, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

RADIUSClient

Notified:  November 12, 2002 Updated:  November 12, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

RSA Security

Notified:  November 12, 2002 Updated:  November 12, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Riverstone Networks

Notified:  November 12, 2002 Updated:  November 12, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

SGI

Notified:  November 12, 2002 Updated:  November 12, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

SSH Communications Security

Notified:  November 12, 2002 Updated:  November 12, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Sendmail

Notified:  November 12, 2002 Updated:  November 12, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Sequent

Notified:  November 12, 2002 Updated:  November 12, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

ShadowSupport

Notified:  November 12, 2002 Updated:  November 12, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Sony Corporation

Notified:  November 12, 2002 Updated:  November 12, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Sophos

Notified:  November 12, 2002 Updated:  November 12, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Sun Microsystems Inc.

Notified:  November 12, 2002 Updated:  November 12, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Symantec Corporation

Notified:  November 12, 2002 Updated:  April 01, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

The SCO Group (SCO Linux)

Notified:  November 12, 2002 Updated:  November 12, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

The SCO Group (SCO UnixWare)

Notified:  November 12, 2002 Updated:  November 12, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Threshold Networks

Notified:  November 12, 2002 Updated:  November 12, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Trend Micro

Notified:  November 12, 2002 Updated:  November 12, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

WU-FTPD Development Group

Notified:  November 12, 2002 Updated:  November 12, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Wind River Systems Inc.

Notified:  November 12, 2002 Updated:  November 12, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Wirex

Notified:  November 12, 2002 Updated:  November 12, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

XTRADIUS

Notified:  November 12, 2002 Updated:  November 12, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Xerox Corporation

Notified:  November 12, 2002 Updated:  November 12, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Xi Graphics

Notified:  November 12, 2002 Updated:  November 12, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

YARD RADIUS

Notified:  November 12, 2002 Updated:  November 12, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.


CVSS Metrics

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A

References

Credit

Thanks to ISS for reporting this vulnerability.

This document was written by Jason A Rafail.

Other Information

CVE IDs: CVE-2002-1219
CERT Advisory: CA-2002-31
Severity Metric: 30.38
Date Public: 2002-11-11
Date First Published: 2002-11-13
Date Last Updated: 2004-10-18 14:58 UTC
Document Revision: 18

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.