Nortel Networks Information for VU#581682

ISC BIND 8 fails to properly dereference cache SIG RR elements with invalid expiry times from the internal database



Vendor Statement

NetID version 4.3.1 and below is affected by the vulnerabilities identified in CERT/CC Advisory CA-2002-31. A bulletin and patched builds are available from the following Nortel Networks support contacts:

North America: 1-800-4NORTEL or 1-800-466-7835
Europe, Middle East and Africa: 00800 8008 9009, or +44 (0) 870 907 9009

Optivity NMS is not affected.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References



Please note that there was a delay in posting Nortel's vendor statement update. Their update was sent to the CERT/CC on Nov 27, 2002.

If you have feedback, comments, or additional information about this vulnerability, please send us email.