Notified: March 21, 2003 Updated: May 23, 2003
Affected
The Cisco Content Service Switch (CSS) 11000 and 11500 series switches respond to certain Domain Name Service (DNS) name server record requests with an error code and no Start of Authority (SOA) records, which can be negatively cached by some DNS name servers resulting in a potential denial-of-service attack for a particular domain name hosted by a CSS. To be affected by this vulnerability, CSS devices must be configured for Global Server Load Balancing. The CERT/CC issued a vulnerability note on this issue (VU#714121). Cisco is providing repaired software, and customers are urged to upgrade to repaired code. This vulnerability in CSS is documented as Cisco Bug IDs CSCdz62499 and CSCea36989. http://www.cisco.com/warp/public/707/cisco-sa-20030430-dns.shtml
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: March 21, 2003 Updated: March 21, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: March 21, 2003 Updated: May 23, 2003
Not Affected
F5 Networks products contain BIND 8.2 or later, and are therefore not affected by this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: March 21, 2003 Updated: March 21, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: March 21, 2003 Updated: March 21, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: March 21, 2003 Updated: March 21, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.