Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Application (Generic)  >   BIND Vendors:   HPE
HP Tru64 UNIX BIND Flaw Facilitates Cache Corruption Attacks and May Let Remote Users Gain Privileged Access
SecurityTracker Alert ID:  1015551
SecurityTracker URL:
CVE Reference:   CVE-2006-0527   (Links to External Site)
Updated:  Apr 20 2006
Original Entry Date:  Jan 31 2006
Impact:   Modification of user information, Root access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   A vulnerability was reported in HP Tru64 UNIX running DNS BIND4/BIND8 when configured as forwarders. This may facilitate DNS corruption attacks against DNS clients and allow a remote user to gain access on the target system.

A remote user can conduct DNS cache corruption attacks via BIND4 or BIND8 servers that are configured as forwarders. As a result, the remote user may be able to gain access to systems running DNS clients.

[Editor's note: This vulnerability applies to BIND4 and BIND8 in general and is not limited to the HP Tru64 UNIX implementation.]

Impact:   A remote user may be able to conduct DNS cache poisoning attacks via affected nameservers to obtain privileged access on the target system.
Solution:   HP has issued the following Early Release Patch kits (ERPs).

HP Tru64 UNIX Version 5.1B-3 ERP Kit


Name: T64KIT1000505-V51BB26-ES-20060406

MD5 Checksum: 5298ff7f96d97339b13b0354705a3625

HP Tru64 UNIX Version 5.1B-2/PK4 ERP Kit


Name: T64KIT1000504-V51BB25-ES-20060406

MD5 Checksum: 185b66169f0d74a7ac5edea5bbecbf11

HP Tru64 UNIX Version 5.1A PK6 ERP Kit


Name: T64KIT1000519-V51AB24-ES-20060410

MD5 Checksum: 00a95acde76a408842f6c49f81d8d605

HP Tru64 UNIX Version 4.0G PK4 ERP Kit


Name: T64KIT1000521-V40GB22-ES-20060410

MD5 Checksum: ab3cfd38b91a884b02ee2f263b0dd5b0

HP Tru64 UNIX Version 4.0F PK8 ERP Kit


Name: DUXKIT1000520-V40FB22-ES-20060410

MD5 Checksum: 2cf4adb87454f2c391afa126f0805fd0

The vendor's advisory is available at:

Vendor URL: (Links to External Site)
Cause:   Input validation error
Underlying OS:  UNIX (Tru64)
Underlying OS Comments:  4.0F PK8, 4.0G PK4, 5.1A PK6, 5.1B-2/PK4, 5.1B-3

Message History:   None.

 Source Message Contents

[Original Message Not Available for Viewing]

Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, LLC