IBM Information for VU#325431
Queries to ISC BIND servers may disclose environment variables
- Vendor Information Help Date Notified: 03 Jan 2001
- Statement Date:
- Date Updated: 05 Apr 2001
[A fix for this vulnerability] can be downloaded from ftp://ftp.software.ibm.com/aix/efixes/security. The compressed tarfile is multiple_bind_vulns_efix.tar.Z. Installation instructions and other important information are given in the README file that is included in the tarball.
The official fix for the four BIND4 and BIND8 vulnerabilities will be in APAR #IY16182.
AIX Security Response Team
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.