ISC Information for VU#748355
ASN.1 parsing errors exist in implementations of SSL, TLS, S/MIME, PKCS#7 routines
- Vendor Information Help Date Notified:
- Statement Date:
- Date Updated: 09 Aug 2002
-----BEGIN PGP SIGNED MESSAGE-----
ISC Vendor statememt.
BIND 4, BIND 8 and BIND 9.0.x are not vulnerable.
BIND 9.1.x ship with a copy of the vulnerable sections of OpenSSL crypto
library (obj_dat.c and asn1_lib.c).
Please upgrade to BIND 9.2.x and/or relink with a fixed version OpenSSL.
e.g. configure --with-openssl=/path/to/fixed/openssl
Vendors shipping product based on BIND 9.1 should contact email@example.com.
BIND 9.2.x is vulnerable if linked against a vulnerable library. By default
BIND 9.2 does not link against OpenSSL.
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.0i for non-commercial use
-----END PGP SIGNATURE-----
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.