Notified: December 03, 2014 Updated: December 03, 2014
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: December 03, 2014 Updated: December 03, 2014
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: December 17, 2014 Updated: December 18, 2014
Statement Date: December 18, 2014
Not Affected
"Knot DNS is an authoritative-only DNS and thus is not vulnerable to this attack. We are in early stages of development for Knot DNS Resolver, so we will make sure that we mitigate this vulnerability."
We are not aware of further vendor information regarding this vulnerability.
Notified: December 03, 2014 Updated: December 10, 2014
Statement Date: December 04, 2014
Not Affected
"All versions: Not vulnerable."
We are not aware of further vendor information regarding this vulnerability.
Notified: December 03, 2014 Updated: December 05, 2014
Statement Date: December 04, 2014
Not Affected
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 11, 2014 Updated: May 11, 2015
Statement Date: December 22, 2014
Affected
All products are affected if they are used as a recursive DNS server. All versions are affected. Upgrade to the latest patch of your release: 5.0.4.p1 or 5.0.3.p4. Available releases can be downloaded at: http://www.efficientip.com/support-services/
CVE-2014-8602 covers this vulnerability if you are running Unbound. CVE-2014-8500 covers this vulnerability if you are running BIND.
Notified: December 17, 2014 Updated: December 18, 2014
Statement Date: December 18, 2014
Not Affected
"We are not affected by this issue as we currently do not provide a recursive resolver."
We are not aware of further vendor information regarding this vulnerability.
Notified: November 24, 2014 Updated: November 24, 2014
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: December 17, 2014 Updated: December 18, 2014
Statement Date: December 18, 2014
Not Affected
"gdnsd is not vulnerable to this attack because it is a pure authoritative server; it never sends DNS queries to other servers."
We are not aware of further vendor information regarding this vulnerability.
Notified: December 03, 2014 Updated: December 17, 2014
Statement Date: December 17, 2014
Not Affected
"adns is a stub resolver and does not follow delegation chains at all. So it is not vulnerable."
We are not aware of further vendor information regarding this vulnerability.
Updated: December 18, 2014
Not Affected
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: November 24, 2014 Updated: December 11, 2014
Statement Date: December 11, 2014
Affected
"All versions of NIOS prior to 6.8.13, 6.10.11, 6.11.7 and 6.12.2 are affected by the vulnerability. Please update to fixed versions available through the Infoblox support site or contact Infoblox Support for further assistance."
We are not aware of further vendor information regarding this vulnerability.
Updated: December 09, 2014
Affected
Upgrade to the patched release most closely related to your current version of BIND. Patched builds of currently supported branches of BIND (9.9 and 9.10) can be downloaded via http://www.isc.org/downloads BIND 9 version 9.9.6-P1 BIND 9 version 9.10.1-P1
This vulnerability has been fixed in the latest version of BIND. Users are encouraged to update BIND as soon as possible. This issue in BIND is assigned CVE-2014-8500.
Notified: December 17, 2014 Updated: December 18, 2014
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 03, 2014 Updated: January 26, 2015
Statement Date: January 24, 2015
Affected
"I have released MaraDNS 2.0.10, MaraDNS 1.4.15, and Deadwood 3.2.06 which are patched against this possible vulnerability. Downloads are available at http://maradns.samiam.org/download/ and https://github.com/samboy/MaraDNS".
We are not aware of further vendor information regarding this vulnerability.
Notified: December 18, 2014 Updated: December 29, 2014
Statement Date: December 20, 2014
Not Affected
"The Windows DNS server is "not affected" ... The Windows DNS server by default has ways to put a cap on the maximum effort it makes to resolve such chains. [Administrators] can further reduce or increase the cap as suited."
The statement above refers to the following Microsoft TechNet Blog post describing how administrators may set the effort cap on the Microsoft DNS server: http://blogs.technet.com/b/networking/archive/2014/12/15/handling-endless-delegation-chains-in-windows-dns-server.aspx
Updated: October 26, 2015
Affected
We provide information on this issue at the following URL
We are not aware of further vendor information regarding this vulnerability.
Updated: December 09, 2014
Affected
No statement is currently available from the vendor regarding this vulnerability.
CVE-2014-8602 covers this vulnerability in Unbound.
Notified: November 24, 2014 Updated: December 09, 2014
Statement Date: December 09, 2014
Not Affected
"Nominum servers are not vulnerable to this attack directly".
We are not aware of further vendor information regarding this vulnerability.
Notified: December 10, 2014 Updated: December 18, 2014
Statement Date: December 10, 2014
Not Affected
"OpenDNS is not vulnerable to this attack."
We are not aware of further vendor information regarding this vulnerability.
Updated: December 09, 2014
Affected
Upgrade to PowerDNS Recursor 3.6.2.
We are not aware of further vendor information regarding this vulnerability.
Notified: November 24, 2014 Updated: December 19, 2014
Statement Date: December 19, 2014
Not Affected
""Secure64 servers are not directly vulnerable to this infinite recursion attack".
We are not aware of further vendor information regarding this vulnerability.