Apple Unknown

Notified:  December 03, 2014 Updated: December 03, 2014

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor References

    Cisco Systems, Inc. Unknown

    Notified:  December 03, 2014 Updated: December 03, 2014

    Status

    Unknown

    Vendor Statement

    No statement is currently available from the vendor regarding this vulnerability.

    Vendor References

      CZ NIC Not Affected

      Notified:  December 17, 2014 Updated: December 18, 2014

      Statement Date:   December 18, 2014

      Status

      Not Affected

      Vendor Statement

      "Knot DNS is an authoritative-only DNS and thus is not vulnerable to this attack. We are in early stages of development for Knot DNS Resolver, so we will make sure that we mitigate this vulnerability."

      Vendor Information

      We are not aware of further vendor information regarding this vulnerability.

      djbdns Not Affected

      Notified:  December 03, 2014 Updated: December 10, 2014

      Statement Date:   December 04, 2014

      Status

      Not Affected

      Vendor Statement

      "All versions: Not vulnerable."

      Vendor Information

      We are not aware of further vendor information regarding this vulnerability.

      dnsmasq Not Affected

      Notified:  December 03, 2014 Updated: December 05, 2014

      Statement Date:   December 04, 2014

      Status

      Not Affected

      Vendor Statement

      No statement is currently available from the vendor regarding this vulnerability.

      Vendor Information

      We are not aware of further vendor information regarding this vulnerability.

      EfficientIP Affected

      Notified:  December 11, 2014 Updated: May 11, 2015

      Statement Date:   December 22, 2014

      Status

      Affected

      Vendor Statement

      All products are affected if they are used as a recursive DNS server. All versions are affected. Upgrade to the latest patch of your release: 5.0.4.p1 or 5.0.3.p4. Available releases can be downloaded at: http://www.efficientip.com/support-services/

      Vendor Information

      CVE-2014-8602 covers this vulnerability if you are running Unbound. CVE-2014-8500 covers this vulnerability if you are running BIND.

      Vendor References

      European Registry for Internet Domains Not Affected

      Notified:  December 17, 2014 Updated: December 18, 2014

      Statement Date:   December 18, 2014

      Status

      Not Affected

      Vendor Statement

      "We are not affected by this issue as we currently do not provide a recursive resolver."

      Vendor Information

      We are not aware of further vendor information regarding this vulnerability.

      F5 Networks, Inc. Unknown

      Notified:  November 24, 2014 Updated: November 24, 2014

      Status

      Unknown

      Vendor Statement

      No statement is currently available from the vendor regarding this vulnerability.

      Vendor References

        gdnsd Not Affected

        Notified:  December 17, 2014 Updated: December 18, 2014

        Statement Date:   December 18, 2014

        Status

        Not Affected

        Vendor Statement

        "gdnsd is not vulnerable to this attack because it is a pure authoritative server; it never sends DNS queries to other servers."

        Vendor Information

        We are not aware of further vendor information regarding this vulnerability.

        GNU adns Not Affected

        Notified:  December 03, 2014 Updated: December 17, 2014

        Statement Date:   December 17, 2014

        Status

        Not Affected

        Vendor Statement

        "adns is a stub resolver and does not follow delegation chains at all. So it is not vulnerable."

        Vendor Information

        We are not aware of further vendor information regarding this vulnerability.

        GNU glibc Not Affected

        Updated:  December 18, 2014

        Status

        Not Affected

        Vendor Statement

        No statement is currently available from the vendor regarding this vulnerability.

        Vendor Information

        We are not aware of further vendor information regarding this vulnerability.

        Infoblox Affected

        Notified:  November 24, 2014 Updated: December 11, 2014

        Statement Date:   December 11, 2014

        Status

        Affected

        Vendor Statement

        "All versions of NIOS prior to 6.8.13, 6.10.11, 6.11.7 and 6.12.2 are affected by the vulnerability. Please update to fixed versions available through the Infoblox support site or contact Infoblox Support for further assistance."

        Vendor Information

        We are not aware of further vendor information regarding this vulnerability.

        Internet Systems Consortium Affected

        Updated:  December 09, 2014

        Status

        Affected

        Vendor Statement

        Upgrade to the patched release most closely related to your current version of BIND.  Patched builds of currently supported branches of BIND (9.9 and 9.10) can be downloaded via http://www.isc.org/downloads BIND 9 version 9.9.6-P1 BIND 9 version 9.10.1-P1

        Vendor Information

        This vulnerability has been fixed in the latest version of BIND. Users are encouraged to update BIND as soon as possible. This issue in BIND is assigned CVE-2014-8500.

        Vendor References

        JH Software Unknown

        Notified:  December 17, 2014 Updated: December 18, 2014

        Status

        Unknown

        Vendor Statement

        No statement is currently available from the vendor regarding this vulnerability.

        Vendor Information

        We are not aware of further vendor information regarding this vulnerability.

        MaraDNS Affected

        Notified:  December 03, 2014 Updated: January 26, 2015

        Statement Date:   January 24, 2015

        Status

        Affected

        Vendor Statement

        "I have released MaraDNS 2.0.10, MaraDNS 1.4.15, and Deadwood 3.2.06 which are patched against this possible vulnerability. Downloads are available at http://maradns.samiam.org/download/ and https://github.com/samboy/MaraDNS".

        Vendor Information

        We are not aware of further vendor information regarding this vulnerability.

        Vendor References

        Microsoft Corporation Not Affected

        Notified:  December 18, 2014 Updated: December 29, 2014

        Statement Date:   December 20, 2014

        Status

        Not Affected

        Vendor Statement

        "The Windows DNS server is "not affected" ... The Windows DNS server by default has ways to put a cap on the maximum effort it makes to resolve such chains. [Administrators] can further reduce or increase the cap as suited."

        Vendor Information

        The statement above refers to the following Microsoft TechNet Blog post describing how administrators may set the effort cap on the Microsoft DNS server: http://blogs.technet.com/b/networking/archive/2014/12/15/handling-endless-delegation-chains-in-windows-dns-server.aspx

        Vendor References

        NEC Corporation Affected

        Updated:  October 26, 2015

        Status

        Affected

        Vendor Statement

        We provide information on this issue at the following URL (only in Japanese)

        Vendor Information

        We are not aware of further vendor information regarding this vulnerability.

        Vendor References

        NLnet Labs Affected

        Updated:  December 09, 2014

        Status

        Affected

        Vendor Statement

        No statement is currently available from the vendor regarding this vulnerability.

        Vendor Information

        CVE-2014-8602 covers this vulnerability in Unbound.

        Vendor References

        Nominum Not Affected

        Notified:  November 24, 2014 Updated: December 09, 2014

        Statement Date:   December 09, 2014

        Status

        Not Affected

        Vendor Statement

        "Nominum servers are not vulnerable to this attack directly".

        Vendor Information

        We are not aware of further vendor information regarding this vulnerability.

        OpenDNS Not Affected

        Notified:  December 10, 2014 Updated: December 18, 2014

        Statement Date:   December 10, 2014

        Status

        Not Affected

        Vendor Statement

        "OpenDNS is not vulnerable to this attack."

        Vendor Information

        We are not aware of further vendor information regarding this vulnerability.

        PowerDNS Affected

        Updated:  December 09, 2014

        Status

        Affected

        Vendor Statement

        Upgrade to PowerDNS Recursor 3.6.2.

        Vendor Information

        We are not aware of further vendor information regarding this vulnerability.

        Vendor References

        Secure64 Software Corporation Not Affected

        Notified:  November 24, 2014 Updated: December 19, 2014

        Statement Date:   December 19, 2014

        Status

        Not Affected

        Vendor Statement

        ""Secure64 servers are not directly vulnerable to this infinite recursion attack".

        Vendor Information

        We are not aware of further vendor information regarding this vulnerability.

        View all 22 vendors View less vendors