Notified: January 17, 2005 Updated: January 17, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: January 17, 2005 Updated: March 18, 2005
Not Affected
Mac OS X 10.2, Mac OS X Server 10.2, and later do not contain this issue as the DNS packages distributed are not susceptible to the vulnerability described in this advisory.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: January 17, 2005 Updated: January 17, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: January 17, 2005 Updated: January 24, 2005
Not Affected
Check Point products are not vulnerable to these issues.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: January 17, 2005 Updated: January 17, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: January 17, 2005 Updated: January 17, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: January 17, 2005 Updated: January 25, 2005
Not Affected
It seems that Debian stable is not vulnerable to either vulnerability and Debian testing/unstable is only vulnerable to CAN-2005-033 (VU#327633). The versions included are too old and the vulnerability does not seem to be present in the older versions indeed.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: January 17, 2005 Updated: January 17, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: January 17, 2005 Updated: January 17, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: January 17, 2005 Updated: January 17, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: January 17, 2005 Updated: June 21, 2005
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The FreeBSD security team has released FreeBSD Security Advisory FreeBSD-SA-05:12.bind9 in response to this issue. Users are encouraged to review this advisory and apply the patches it refers to.
Notified: January 17, 2005 Updated: January 17, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: January 17, 2005 Updated: January 17, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: January 17, 2005 Updated: January 17, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: January 17, 2005 Updated: January 20, 2005
Not Affected
NOT VULNERABLE Hitachi HI-UX/WE2 is NOT Vulnerable to this issue.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: January 17, 2005 Updated: January 24, 2005
Not Affected
The AIX Operating System is not vulnerable to the issues discussed in CERT Vulnerability Notes VU#938617, VU#327633 or any Technical Cyber Security Alerts related to these issues.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: January 17, 2005 Updated: February 01, 2005
Unknown
For information related to this and other published CERT Advisories that may relate to the IBM eServer Platforms (xSeries, iSeries, pSeries, and zSeries) please go to https://app-06.www.ibm.com/servers/resourcelink/lib03020.nsf/pages/securityalerts?OpenDocument&pathID= In order to access this information you will require a Resource Link ID. To subscribe to Resource Link go to http://app-06.www.ibm.com/servers/resourcelink and follow the steps for registration. All questions should be refferred to servsec@us.ibm.com.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: January 17, 2005 Updated: January 17, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: January 17, 2005 Updated: January 17, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: February 04, 2005 Updated: March 18, 2005
Not Affected
VU #938617: BIND 9.3.0 vulnerable to denial of service in validator code The Infoblox DNS One product is not vulnerable.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: January 17, 2005 Updated: January 17, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Updated: January 25, 2005
Affected
Workaround: Turn off dnssec validation (off by default) at the options/view level. dnssec-enable no; Fix: Upgrade to BIND 9.3.1 http://www.isc.org/sw/bind/
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: January 17, 2005 Updated: January 24, 2005
Not Affected
Juniper Networks products are not susceptible to this vulnerability
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: January 17, 2005 Updated: January 17, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: January 17, 2005 Updated: January 31, 2005
Affected
Mandrakesoft has fixed VU#938617 in advisory MDKSA-2005:023. We do not ship any products with BIND 8 so are not vulnerable to VU#327633.
The vendor has not provided us with any further information regarding this vulnerability.
Mandrakesoft has published Mandrakelinux Security Update Advisory MDKSA-2005:023 in response to this issue. Users are encouraged to review this advisory and apply the patches it refers to.
Notified: January 17, 2005 Updated: January 17, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: January 17, 2005 Updated: January 17, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: January 17, 2005 Updated: January 17, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: January 17, 2005 Updated: January 17, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: January 17, 2005 Updated: March 18, 2005
Not Affected
* NEC products are NOT susceptible to this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: January 17, 2005 Updated: January 17, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: January 17, 2005 Updated: January 17, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: January 17, 2005 Updated: January 17, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: January 17, 2005 Updated: January 17, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: January 17, 2005 Updated: January 17, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: January 17, 2005 Updated: January 17, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: January 17, 2005 Updated: January 18, 2005
Not Affected
Red Hat Enterprise Linux ships with a BIND package, however we have verified that the versions included in Red Hat Enterprise Linux are not vulnerable to these issues.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: January 17, 2005 Updated: January 17, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: January 17, 2005 Updated: January 17, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: January 17, 2005 Updated: January 17, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: January 17, 2005 Updated: January 17, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: January 17, 2005 Updated: January 17, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: January 17, 2005 Updated: January 24, 2005
Not Affected
Sun is not affected by either of these vulnerabilities. No version of Solaris ships with any of the affected versions of BIND and the Sun Java Desktop System (Linux) doesn't ship an affected version of BIND either.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: January 17, 2005 Updated: January 17, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Updated: February 16, 2005
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The Trustix development team has published Trustix Secure Linux Security Advisory #2005-0003 in response to this issue. Users are encouraged to review this advisory and apply the patches it refers to.
Notified: January 17, 2005 Updated: January 17, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: January 17, 2005 Updated: January 17, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: January 17, 2005 Updated: January 17, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.