Adns Unknown

Notified:  January 17, 2005 Updated: January 17, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

Apple Computer Inc. Not Affected

Notified:  January 17, 2005 Updated: March 18, 2005

Status

Not Affected

Vendor Statement

Mac OS X 10.2, Mac OS X Server 10.2, and later do not contain this issue as the DNS packages distributed are not susceptible to the vulnerability described in this advisory.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

BlueCat Networks Unknown

Notified:  January 17, 2005 Updated: January 17, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

Check Point Not Affected

Notified:  January 17, 2005 Updated: January 24, 2005

Status

Not Affected

Vendor Statement

Check Point products are not vulnerable to these issues.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

Conectiva Unknown

Notified:  January 17, 2005 Updated: January 17, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

Cray Inc. Unknown

Notified:  January 17, 2005 Updated: January 17, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

Debian Not Affected

Notified:  January 17, 2005 Updated: January 25, 2005

Status

Not Affected

Vendor Statement

It seems that Debian stable is not vulnerable to either vulnerability and Debian testing/unstable is only vulnerable to CAN-2005-033 (VU#327633). The versions included are too old and the vulnerability does not seem to be present in the older versions indeed.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

EMC Corporation Unknown

Notified:  January 17, 2005 Updated: January 17, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

Engarde Unknown

Notified:  January 17, 2005 Updated: January 17, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

F5 Networks Unknown

Notified:  January 17, 2005 Updated: January 17, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

FreeBSD Affected

Notified:  January 17, 2005 Updated: June 21, 2005

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The FreeBSD security team has released FreeBSD Security Advisory FreeBSD-SA-05:12.bind9 in response to this issue. Users are encouraged to review this advisory and apply the patches it refers to.

Fujitsu Unknown

Notified:  January 17, 2005 Updated: January 17, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

GNU glibc Unknown

Notified:  January 17, 2005 Updated: January 17, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

Hewlett-Packard Company Unknown

Notified:  January 17, 2005 Updated: January 17, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

Hitachi Not Affected

Notified:  January 17, 2005 Updated: January 20, 2005

Status

Not Affected

Vendor Statement

NOT VULNERABLE Hitachi HI-UX/WE2 is NOT Vulnerable to this issue.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

IBM Not Affected

Notified:  January 17, 2005 Updated: January 24, 2005

Status

Not Affected

Vendor Statement

The AIX Operating System is not vulnerable to the issues discussed in CERT Vulnerability Notes VU#938617, VU#327633 or any Technical Cyber Security Alerts related to these issues.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

IBM eServer Unknown

Notified:  January 17, 2005 Updated: February 01, 2005

Status

Unknown

Vendor Statement

For information related to this and other published CERT Advisories that may relate to the IBM eServer Platforms (xSeries, iSeries, pSeries, and zSeries) please go to https://app-06.www.ibm.com/servers/resourcelink/lib03020.nsf/pages/securityalerts?OpenDocument&pathID= In order to access this information you will require a Resource Link ID. To subscribe to Resource Link go to http://app-06.www.ibm.com/servers/resourcelink and follow the steps for registration. All questions should be refferred to servsec@us.ibm.com.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

IBM-zSeries Unknown

Notified:  January 17, 2005 Updated: January 17, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

Immunix Unknown

Notified:  January 17, 2005 Updated: January 17, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

InfoBlox Not Affected

Notified:  February 04, 2005 Updated: March 18, 2005

Status

Not Affected

Vendor Statement

VU #938617: BIND 9.3.0 vulnerable to denial of service in validator code The Infoblox DNS One product is not vulnerable.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

Ingrian Networks Unknown

Notified:  January 17, 2005 Updated: January 17, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

ISC Affected

Updated:  January 25, 2005

Status

Affected

Vendor Statement

Workaround: Turn off dnssec validation (off by default) at the options/view level. dnssec-enable no; Fix: Upgrade to BIND 9.3.1 http://www.isc.org/sw/bind/

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

Juniper Networks Not Affected

Notified:  January 17, 2005 Updated: January 24, 2005

Status

Not Affected

Vendor Statement

Juniper Networks products are not susceptible to this vulnerability

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

Lucent Technologies Unknown

Notified:  January 17, 2005 Updated: January 17, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

MandrakeSoft Affected

Notified:  January 17, 2005 Updated: January 31, 2005

Status

Affected

Vendor Statement

Mandrakesoft has fixed VU#938617 in advisory MDKSA-2005:023. We do not ship any products with BIND 8 so are not vulnerable to VU#327633.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Mandrakesoft has published Mandrakelinux Security Update Advisory MDKSA-2005:023 in response to this issue. Users are encouraged to review this advisory and apply the patches it refers to.

Men&Mice Unknown

Notified:  January 17, 2005 Updated: January 17, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

MetaSolv Software Inc. Unknown

Notified:  January 17, 2005 Updated: January 17, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

Microsoft Corporation Unknown

Notified:  January 17, 2005 Updated: January 17, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

MontaVista Software Unknown

Notified:  January 17, 2005 Updated: January 17, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

NEC Corporation Not Affected

Notified:  January 17, 2005 Updated: March 18, 2005

Status

Not Affected

Vendor Statement

* NEC products are NOT susceptible to this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

NetBSD Unknown

Notified:  January 17, 2005 Updated: January 17, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

Nokia Unknown

Notified:  January 17, 2005 Updated: January 17, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

Nortel Networks Unknown

Notified:  January 17, 2005 Updated: January 17, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

Novell Unknown

Notified:  January 17, 2005 Updated: January 17, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

OpenBSD Unknown

Notified:  January 17, 2005 Updated: January 17, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

Openwall GNU/*/Linux Unknown

Notified:  January 17, 2005 Updated: January 17, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

Red Hat Inc. Not Affected

Notified:  January 17, 2005 Updated: January 18, 2005

Status

Not Affected

Vendor Statement

Red Hat Enterprise Linux ships with a BIND package, however we have verified that the versions included in Red Hat Enterprise Linux are not vulnerable to these issues.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

SCO-LINUX Unknown

Notified:  January 17, 2005 Updated: January 17, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

SCO-UNIX Unknown

Notified:  January 17, 2005 Updated: January 17, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

Sequent Unknown

Notified:  January 17, 2005 Updated: January 17, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

SGI Unknown

Notified:  January 17, 2005 Updated: January 17, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

Sony Corporation Unknown

Notified:  January 17, 2005 Updated: January 17, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

Sun Microsystems Inc. Not Affected

Notified:  January 17, 2005 Updated: January 24, 2005

Status

Not Affected

Vendor Statement

Sun is not affected by either of these vulnerabilities. No version of Solaris ships with any of the affected versions of BIND and the Sun Java Desktop System (Linux) doesn't ship an affected version of BIND either.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

SuSE Inc. Unknown

Notified:  January 17, 2005 Updated: January 17, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

Trustix Secure Linux Affected

Updated:  February 16, 2005

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The Trustix development team has published Trustix Secure Linux Security Advisory #2005-0003 in response to this issue. Users are encouraged to review this advisory and apply the patches it refers to.

TurboLinux Unknown

Notified:  January 17, 2005 Updated: January 17, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

Unisys Unknown

Notified:  January 17, 2005 Updated: January 17, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

Wind River Systems Inc. Unknown

Notified:  January 17, 2005 Updated: January 17, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

View all 48 vendors View less vendors