Notified: April 26, 2006 Updated: April 26, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: April 26, 2006 Updated: April 26, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: April 26, 2006 Updated: April 26, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: April 26, 2006 Updated: April 26, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: April 26, 2006 Updated: April 26, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: April 26, 2006 Updated: April 26, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: April 26, 2006 Updated: May 03, 2006
Affected
F5's 3-DNS and GTM products are vulnerable to the same extent that BIND itself is vulernable. F5 products will be patched when ISC relea ses fixes to BIND.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: April 26, 2006 Updated: April 26, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: April 26, 2006 Updated: April 26, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: April 26, 2006 Updated: April 26, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: April 26, 2006 Updated: April 26, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: April 26, 2006 Updated: May 10, 2006
Not Affected
HP-UX 11.X - not vulnerable Tru64 UNIX - not vulnerable
The vendor has not provided us with any further information regarding this vulnerability.
Notified: April 26, 2006 Updated: May 01, 2006
Not Affected
AlaxalA Networks AX series, Hitachi GR2000/GR4000/GS4000/GS3000 and Hitachi HI-UX are NOT vulnerable to this issue.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: April 26, 2006 Updated: April 26, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: April 26, 2006 Updated: April 26, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: April 26, 2006 Updated: April 27, 2006
Unknown
For information related to this and other published CERT Advisories that may relate to the IBM eServer Platforms (xSeries, iSeries, pSeries, and zSeries) please go to https://app-06.www.ibm.com/servers/resourcelink/lib03020.nsf/pages/securityalerts?OpenDocument&pathID= In order to access this information you will require a Resource Link ID. To subscribe to Resource Link go to http://app-06.www.ibm.com/servers/resourcelink and follow the steps for registration. All questions should be referred to servsec@us.ibm.com.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: April 26, 2006 Updated: April 26, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: April 26, 2006 Updated: April 26, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: April 26, 2006 Updated: April 26, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: April 26, 2006 Updated: April 27, 2006
Affected
The OUSPG PROTOS c09-dns-response test tool was run against all Juniper Networks platforms. JUNOS and ScreenOS were unaffected. Tests against JUNOSe, found on the E-series routers, did result in an issue with the DNS client code (ref: KA 23381). The issue was resolved in the following JUNOSe updates: 5-3-5p0-2, 6-0-3p0-6, 6-0-4, 6-1-3p0-1, 7-0-1p0-7, 7-0-2, 7-1-0p0-1, 7-1-1. Later JUNOSe releases are unaffected.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: April 26, 2006 Updated: April 26, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: April 26, 2006 Updated: April 26, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: April 26, 2006 Updated: April 26, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: April 26, 2006 Updated: April 26, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: April 26, 2006 Updated: April 26, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: April 26, 2006 Updated: April 26, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: April 26, 2006 Updated: April 26, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: April 26, 2006 Updated: April 26, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: April 26, 2006 Updated: May 10, 2006
Affected
Openwall GNU/*/Linux (Owl) 2.0 contains BIND 9 and a DNS resolver as a part of the GNU C Library (glibc), both with our modifications. Owl 1.1 and earlier releases did not include BIND. Although there's limited information on these vulnerabilities available, we believe that the BIND 9 package in Owl is affected to the same (very limited) extent that is documented in the statement from the ISC found in the PDF version of the NISCC Vulnerability Advisory 144154/NISCC/DNS and that the DNS resolver in glibc is not affected at all. Assuming that the ISC's description of the issue is correct, we agree with the ISC's assessment of this issue as minor enough to not require updates for current and past releases. Instead, a fix is expected to be included in a future release of BIND - and we are going to similarly include that in a future release of Owl. The ISC's description of the issue implies that for the attack to work the DNS server must be configured to use TSIG-based authentication of transactions and the attacker must in fact authenticate successfully. Thus, it appears that the attack may only be carried out via a related previously compromised DNS server and only if both servers are configured to use TSIG-based authentication. The impact of a successful attack is limited to denial of the DNS service.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: April 26, 2006 Updated: April 26, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: April 26, 2006 Updated: April 26, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Updated: May 23, 2006
Not Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: April 26, 2006 Updated: April 26, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: April 26, 2006 Updated: April 26, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: April 26, 2006 Updated: April 26, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: April 26, 2006 Updated: May 22, 2006
Unknown
Sun Microsystems is currently investigating the impact of the OUSPG DNS test suite to Sun's products. If any issues are identified, Sun will publish Sun Alerts which will include details of the impact and suggested resolution for those issues.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: April 26, 2006 Updated: April 26, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: April 26, 2006 Updated: April 26, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: April 26, 2006 Updated: April 26, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: April 26, 2006 Updated: April 26, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: April 26, 2006 Updated: April 26, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: April 26, 2006 Updated: April 26, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.