3Com Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Adns Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Aks Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Alcatel Unknown

Notified:  November 12, 2002 Updated: February 25, 2003

Status

Unknown

Vendor Statement

Following CERT advisory CA-2002-31 on security vulnerabilities in the ISC BIND implementation, Alcatel has conducted an immediate assessment to determine any impact this may have on our portfolio. A first analysis has shown that the following products (OmniSwitch 6600, 7700, 8800) may be impacted. Customers may wish to contact their support for more details. The security of our customers' networks is of highest priority for Alcatel. Therefore we continue to test our product portfolio against potential ISC BIND security vulnerabilities and will provide updates if necessary.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Apache Software Foundation Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Apple Computer Inc. Affected

Notified:  November 12, 2002 Updated: February 26, 2003

Status

Affected

Vendor Statement

Affected Systems: Mac OS X and Mac OS X Server with BIND versions 8.1, 8.2 to 8.2.6, and 8.3.0 to 8.3.3 Mitigating Factors: BIND is not enabled by default on Mac OS X or Mac OS X Server This is addressed in Security Update 2002-11-21 http://www.apple.com/support/security/security_updates.html

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

AT&T Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Avaya Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

BlueCat Networks Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

BSDi Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Check Point Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Cisco Systems Inc. Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Cistron Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Command Software Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Compaq Computer Corporation Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Computer Associates Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Conectiva Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Covalent Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Cray Inc. Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

CyberSoft Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Data Fellows Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Data General Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Data General Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Debian Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Djbdns Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

D-Link Systems Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Engarde Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

F5 Networks Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Finjan Software Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

FreeBSD Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

FreeRADIUS Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

F-Secure Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Fujitsu Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Funk Software Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

GFI Software Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

GNU glibc Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Heimdal Kerberos Project Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Hewlett-Packard Company Affected

Notified:  November 12, 2002 Updated: February 24, 2003

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

See http://ftp.support.compaq.com/patches/public/unix/v4.0g/t64v40gb17-c0028000-16638-es-20030129.README.

IBM Affected

Notified:  November 12, 2002 Updated: December 09, 2002

Status

Affected

Vendor Statement

The AIX operating system is vulnerable to the named and DNS resolver issues in releases 4.3.3, 5.1.0 and 5.2.0. Temporary patches will be available through an efix package by 11/22/2002 or before. The efix will be available at the following URL:        ftp://ftp.software.ibm.com/aix/efixes/security/dns_named_efix.tar.Z In the interim, customers may want to implement the workarounds given in the Solutions section to limit their exposure. The following APARs will be available in the near future: AIX 4.3.3 APAR IY37088 (available approx 11/27/2002) AIX 5.1.0 APAR IY37019 (available approx 12/18/2002) AIX 5.2.0 APAR TBA (available approx TBA)

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

InfoBlox Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Intel Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Interlink Networks Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

InterSoft International Inc. Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

iPlanet Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Juniper Networks Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

KTH Kerberos Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Lachman Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Lotus Software Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Lucent Technologies Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Macromedia Inc. Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Madgoat Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

MandrakeSoft Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Men&Mice Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

MetaSolv Software Inc. Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Microsoft Corporation Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

MIT Kerberos Development Team Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

MontaVista Software Not Affected

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Not Affected

Vendor Statement

MontaVista ships BIND 9, thus is not vulnerably to these advisories.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Multinet Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

NCFTP Software Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

NCSA Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

NEC Corporation Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

NetBSD Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

NET-SNMP Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Network Appliance Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

NeXT Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Nixu Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Nokia Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Nominum Not Affected

Updated:  November 13, 2002

Status

Not Affected

Vendor Statement

Nominum "Foundation" Authoritative Name Server (ANS) is not affected by this vulnerability. Also, Nominum "Foundation" Caching Name Server (CNS) is not affected by this vulnerability. Nominum's commercial DNS server products, which are part of Nominum "Foundation" IP Address Suite, are not based on BIND and do not contain any BIND code, and so are not affected by vulnerabilities discovered in any version of BIND.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Nortel Networks Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

OpenBSD Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Open Group Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

OpenSSH Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Openwall GNU/*/Linux Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Oracle Corporation Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Putty Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

RADIUSClient Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Red Hat Inc. Affected

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Affected

Vendor Statement

Older releases (6.2, 7.0) of Red Hat Linux shipped with versions of BIND which may be vulnerable to these issues however a Red Hat security advisory in July 2002 upgraded all our supported distributions to BIND 9.2.1 which is not vulnerable to these issues. All users who have BIND installed should ensure that they are running these updated versions of BIND. http://rhn.redhat.com/errata/RHSA-2002-133.html Red Hat Linux http://rhn.redhat.com/errata/RHSA-2002-119.html Advanced Server 2.1

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Riverstone Networks Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

RSA Security Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Sendmail Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Sequent Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Sequent Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

SGI Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

ShadowSupport Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Sony Corporation Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Sophos Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Sun Microsystems Inc. Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

SuSE Inc. Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Symantec Corporation Unknown

Notified:  November 12, 2002 Updated: April 01, 2003

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

The OpenPKG Project Affected

Updated:  November 19, 2002

Status

Affected

Vendor Statement

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 OpenPKG Security Advisory The OpenPKG Project http://www.openpkg.org/security.html http://www.openpkg.org openpkg-security@openpkg.org openpkg@openpkg.org OpenPKG-SA-2002.011 15-Nov-2002 Package: bind, bind8 Vulnerability: denial of service, arbitrary code execution OpenPKG Specific: no Dependent Packages: none Affected Releases: Affected Packages: Corrected Packages: OpenPKG 1.0 <= bind-8.2.6-1.0.1 >= bind-8.2.6-1.0.2 OpenPKG 1.1 <= bind8-8.3.3-1.1.0 >= bind8-8.3.3-1.1.1 OpenPKG CURRENT <= bind8-8.3.3-2002082 >= bind8-8.3.3-20021114 Description: The Internet Software Consortium (ISC) [1] has discovered or has been notified of several bugs which can result in vulnerabilities of varying levels of severity in BIND [2][3]. These problems include buffer overflows, stack revealing, divide by zero, null pointer dereferencing, and more [4]. A subset of these vulnerabilities exist in the BIND packages distributed by OpenPKG. Please check whether you are affected by running "/bin/rpm -qa | grep bind". If you have an affected version of the "bind" or "bind8" package (see above), upgrade it according to the solution below. Workaround: Because disabling recursion or disabling DNSSEC is a workaround to only a subset of the aforementioned problems, it is not a recommended aproach. Solution: Since these vulnerabilities do not exist in BIND version 9.2.1, one solution simply involves upgrading to it. The packages bind-9.2.1-1.1.0 in OpenPKG 1.1 [5], and bind-9.2.1-20021111 in OpenPKG CURRENT [6] are both candidates in this respect. Be warned that although such later versions of BIND are stable, there exist large differences between BIND 8 and BIND 9 software. A lighter approach involves updating existing packages to newly patched versions of BIND 8. Select the updated source RPM appropriate for your OpenPKG release [7][8][9], and fetch it from the OpenPKG FTP service or a mirror location. Verify its integrity [10], build a corresponding binary RPM from it and update your OpenPKG installation by applying the binary RPM [11]. For the latest OpenPKG 1.1 release, perform the following operations to permanently fix the security problem (for other releases adjust accordingly). $ ftp ftp.openpkg.org ftp> bin ftp> cd release/1.1/UPD ftp> get bind8-8.3.3-1.1.1.src.rpm ftp> bye $ /bin/rpm -v --checksig bind8-8.3.3-1.1.1.src.rpm $ /bin/rpm --rebuild bind8-8.3.3-1.1.1.src.rpm $ su - # /bin/rpm -Fvh /RPM/PKG/bind8-8.3.3-1.1.1.*.rpm # /etc/rc bind8 stop start References: [1] http://www.isc.org/ [2] http://www.isc.org/products/BIND/ [3] http://www.cert.org/advisories/CA-2002-31.html [4] http://www.isc.org/products/BIND/bind-security.html [5] ftp://ftp.openpkg.org/release/1.1/SRC/bind-9.2.1-1.1.0.src.rpm [6] ftp://ftp.openpkg.org/current/SRC/bind-9.2.1-20021111.src.rpm [7] ftp://ftp.openpkg.org/release/1.0/UPD/bind-8.2.6-1.0.2.src.rpm [8] ftp://ftp.openpkg.org/release/1.1/UPD/bind8-8.3.3-1.1.1.src.rpm [9] ftp://ftp.openpkg.org/current/SRC/bind8-8.3.3-20021114.src.rpm [10] http://www.openpkg.org/security.html#signature [11] http://www.openpkg.org/tutorial.html#regular-source For security reasons, this advisory was digitally signed with the OpenPGP public key "OpenPKG " (ID 63C4CB9F) of the OpenPKG project which you can find under the official URL http://www.openpkg.org/openpkg.pgp or on http://keyserver.pgp.com/. To check the integrity of this advisory, verify its digital signature by using GnuPG (http://www.gnupg.org/). For example, pipe this message to the command "gpg --verify --keyserver keyserver.pgp.com". -----BEGIN PGP SIGNATURE----- Comment: OpenPKG iEYEARECAAYFAj3VOcwACgkQgHWT4GPEy5/vEACgmA+lr37ybByyTT7Q9ZBgzJAU rvMAoOZMy6lDJryPLPg1NV+Wn21wE1qA =gSdl -----END PGP SIGNATURE-----

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

The SCO Group (SCO Linux) Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Threshold Networks Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Trend Micro Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Trustix Affected

Updated:  November 18, 2002

Status

Affected

Vendor Statement

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Trustix Secure Linux Security Advisory #2002-0076 Package name: bind Summary: Remote exploit Date: 2002-11-15 Affected versions: TSL 1.1, 1.2, 1.5 Package description: BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses, and a resolver library (routines for applications to use when interfacing with DNS). Problem description: ISS X-Force has found a number of problems in all BIND 8 series up to and including 8.2.6 and 8.3.3. Two of these can cause BIND to crash causing a denial of service attack, whereas the last can be used to execute arbitary code on the victim. Action: We recommend that all systems with this package installed be upgraded. Please note that if you do not need the functionality provided by this package, you may want to remove it from your system. Location: All TSL updates are available from About Trustix Secure Linux: Trustix Secure Linux is a small Linux distribution for servers. With focus on security and stability, the system is painlessly kept safe and up to date from day one using swup, the automated software updater. Automatic updates: Users of the SWUP tool can enjoy having updates automatically installed using 'swup --upgrade'. Get SWUP from: Public testing: These packages have been available for public testing for some time. If you want to contribute by testing the various packages in the testing tree, please feel free to share your findings on the tsl-discuss mailinglist. The testing tree is located at Questions? Check out our mailing lists: Verification: This advisory along with all TSL packages are signed with the TSL sign key. This key is available from: The advisory itself is available from the errata pages at and or directly at MD5sums of the packages: 7ca823f5bdcda62354971ba527659f8f ./1.1/RPMS/bind-8.2.6-2tr.i586.rpm 97e22862a18c94181f004b2961474a61 ./1.1/RPMS/bind-devel-8.2.6-2tr.i586.rpm 1b3924c34061398f64906a41bc4e103e ./1.1/RPMS/bind-utils-8.2.6-2tr.i586.rpm 9b353d2f2beef989a4d34fa9fd04cc30 ./1.1/SRPMS/bind-8.2.6-2tr.src.rpm 979d763efbec95a6104b8df307a52ab2 ./1.2/RPMS/bind-8.2.6-2tr.i586.rpm a219f2f92ea9f4cccb74c4ac9fcc8f69 ./1.2/RPMS/bind-devel-8.2.6-2tr.i586.rpm cc97ab8e12caaff576063d150d7216e7 ./1.2/RPMS/bind-utils-8.2.6-2tr.i586.rpm 9b353d2f2beef989a4d34fa9fd04cc30 ./1.2/SRPMS/bind-8.2.6-2tr.src.rpm aa38424ba1671b811aec3265e3764390 ./1.5/RPMS/bind-8.2.6-2tr.i586.rpm 74a18eed135150b64f62fb398d823175 ./1.5/RPMS/bind-devel-8.2.6-2tr.i586.rpm 74b1f15664668fcfa0da9b52f55d7745 ./1.5/RPMS/bind-utils-8.2.6-2tr.i586.rpm 9b353d2f2beef989a4d34fa9fd04cc30 ./1.5/SRPMS/bind-8.2.6-2tr.src.rpm Trustix Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE92NuHwRTcg4BxxS0RAraRAJ0Q+GDhIUUv0gbgv91q1ZmnFqkTHACfaRST KUB6bSTouOiksfknm0Mc/6I= =brw5 -----END PGP SIGNATURE-----

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Unisys Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Wind River Systems Inc. Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Wirex Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Xerox Corporation Not Affected

Notified:  November 12, 2002 Updated: May 30, 2003

Status

Not Affected

Vendor Statement

A response to this advisory is available from our web site: http://www.xerox.com/security

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Xi Graphics Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

XTRADIUS Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

YARD RADIUS Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

View all 101 vendors View less vendors