Alcatel Unknown

Updated:  February 25, 2003

Status

Unknown

Vendor Statement

Following CERT advisory CA-2002-31 on security vulnerabilities in the ISC BIND implementation, Alcatel has conducted an immediate assessment to determine any impact this may have on our portfolio. A first analysis has shown that the following products (OmniSwitch 6600, 7700, 8800) may be impacted. Customers may wish to contact their support for more details. The security of our customers' networks is of highest priority for Alcatel. Therefore we continue to test our product portfolio against potential ISC BIND security vulnerabilities and will provide updates if necessary.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Apple Computer Inc. Affected

Updated:  December 02, 2002

Status

Affected

Vendor Statement

Affected Systems: Mac OS X and Mac OS X Server with BIND versions 8.1, 8.2 to 8.2.6, and 8.3.0 to 8.3.3 Mitigating Factors: BIND is not enabled by default on Mac OS X or Mac OS X Server This is addressed in Security Update 2002-11-21 http://www.apple.com/support/security/security_updates.html

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

MontaVista Software Not Affected

Notified:  November 12, 2002 Updated: November 13, 2002

Status

Not Affected

Vendor Statement

MontaVista ships BIND 9, thus is not vulnerably to these advisories.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Nominum Not Affected

Updated:  November 13, 2002

Status

Not Affected

Vendor Statement

Nominum "Foundation" Authoritative Name Server (ANS) is not affected by this vulnerability. Also, Nominum "Foundation" Caching Name Server (CNS) is not affected by this vulnerability. Nominum's commercial DNS server products, which are part of Nominum "Foundation" IP Address Suite, are not based on BIND and do not contain any BIND code, and so are not affected by vulnerabilities discovered in any version of BIND.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Nortel Networks Affected

Updated:  December 03, 2002

Status

Affected

Vendor Statement

NetID version 4.3.1 and below is affected by the vulnerabilities identified in CERT/CC Advisory CA-2002-31. A bulletin and patched builds are available from the following Nortel Networks support contacts: North America: 1-800-4NORTEL or 1-800-466-7835 Europe, Middle East and Africa: 00800 8008 9009, or +44 (0) 870 907 9009 Optivity NMS is not affected.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please note that there was a delay in posting Nortel's vendor statement update. Their update was sent to the CERT/CC on Nov 27, 2002.

Red Hat Inc. Affected

Notified:  November 12, 2002 Updated: November 13, 2002

Status

Affected

Vendor Statement

Older releases (6.2, 7.0) of Red Hat Linux shipped with versions of BIND which may be vulnerable to these issues however a Red Hat security advisory in July 2002 upgraded all our supported distributions to BIND 9.2.1 which is not vulnerable to these issues. All users who have BIND installed should ensure that they are running these updated versions of BIND. http://rhn.redhat.com/errata/RHSA-2002-133.html Red Hat Linux http://rhn.redhat.com/errata/RHSA-2002-119.html Advanced Server 2.1

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.