SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


Try our Premium Alert Service
 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service





Category:   Application (Generic)  >   BIND Vendors:   HPE
HP Tru64 UNIX BIND Flaw Facilitates Cache Corruption Attacks and May Let Remote Users Gain Privileged Access
SecurityTracker Alert ID:  1015551
SecurityTracker URL:  http://securitytracker.com/id/1015551
CVE Reference:   CVE-2006-0527   (Links to External Site)
Updated:  Apr 20 2006
Original Entry Date:  Jan 31 2006
Impact:   Modification of user information, Root access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   A vulnerability was reported in HP Tru64 UNIX running DNS BIND4/BIND8 when configured as forwarders. This may facilitate DNS corruption attacks against DNS clients and allow a remote user to gain access on the target system.

A remote user can conduct DNS cache corruption attacks via BIND4 or BIND8 servers that are configured as forwarders. As a result, the remote user may be able to gain access to systems running DNS clients.

[Editor's note: This vulnerability applies to BIND4 and BIND8 in general and is not limited to the HP Tru64 UNIX implementation.]

Impact:   A remote user may be able to conduct DNS cache poisoning attacks via affected nameservers to obtain privileged access on the target system.
Solution:   HP has issued the following Early Release Patch kits (ERPs).

HP Tru64 UNIX Version 5.1B-3 ERP Kit

Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1000505-V51BB26-ES-20060406

Name: T64KIT1000505-V51BB26-ES-20060406

MD5 Checksum: 5298ff7f96d97339b13b0354705a3625

HP Tru64 UNIX Version 5.1B-2/PK4 ERP Kit

Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1000504-V51BB25-ES-20060406

Name: T64KIT1000504-V51BB25-ES-20060406

MD5 Checksum: 185b66169f0d74a7ac5edea5bbecbf11

HP Tru64 UNIX Version 5.1A PK6 ERP Kit

Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1000519-V51AB24-ES-20060410

Name: T64KIT1000519-V51AB24-ES-20060410

MD5 Checksum: 00a95acde76a408842f6c49f81d8d605

HP Tru64 UNIX Version 4.0G PK4 ERP Kit

Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1000521-V40GB22-ES-20060410

Name: T64KIT1000521-V40GB22-ES-20060410

MD5 Checksum: ab3cfd38b91a884b02ee2f263b0dd5b0

HP Tru64 UNIX Version 4.0F PK8 ERP Kit

Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=DUXKIT1000520-V40FB22-ES-20060410

Name: DUXKIT1000520-V40FB22-ES-20060410

MD5 Checksum: 2cf4adb87454f2c391afa126f0805fd0

The vendor's advisory is available at:

http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00595837

Vendor URL:  www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00595837 (Links to External Site)
Cause:   Input validation error
Underlying OS:  UNIX (Tru64)
Underlying OS Comments:  4.0F PK8, 4.0G PK4, 5.1A PK6, 5.1B-2/PK4, 5.1B-3

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2018, SecurityGlobal.net LLC