Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Application (Generic)  >   BIND Vendors:   ISC (Internet Software Consortium)
HP Tru64 UNIX DNS BIND4/BIND8 Facilitates Cache Corruption Attacks
SecurityTracker Alert ID:  1015606
SecurityTracker URL:
CVE Reference:   CVE-2006-0527   (Links to External Site)
Updated:  Apr 20 2006
Original Entry Date:  Feb 9 2006
Impact:   Modification of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 4, 8
Description:   A vulnerability was reported in HP Tru64 UNIX running DNS BIND4/BIND8 when configured as forwarders. This may facilitate DNS corruption attacks against DNS clients.

A remote user can conduct DNS cache corruption attacks via BIND4 or BIND8 servers that are configured as forwarders. As a result, the remote user may be able to gain access to systems running DNS clients.

[Editor's note: This vulnerability applies to BIND4 and BIND8 in general and is not limited to the HP Tru64 UNIX implementation.]

[Editor's note: This is a duplicate entry for a previously issued alert (Alert ID 1015551). This entry will be deleted shortly. Please refer to the original alert.]

Impact:   A remote user may be able to conduct DNS cache poisoning attacks via affected nameservers.
Solution:   HP has issued the following Early Release Patch (ERP) kits.

HP Tru64 UNIX Version 5.1B-3 ERP Kit


Name: T64KIT1000207-V51BB26-ES-20051212

MD5 Checksum: b4cc5c0dd9dbec8d644444e8036f44dc

HP Tru64 UNIX Version 5.1B-2/PK4 ERP Kit


Name: T64KIT1000208-V51BB25-ES-20051213

MD5 Checksum: 6b388a0067f3e26a3a161edf28506769

HP Tru64 UNIX Version 5.1A PK6 ERP Kit


Name: T64KIT1000209-V51AB24-ES-20051213

MD5 Checksum: 02b95600c15c35ad2991ec247c3cd9fb

HP Tru64 UNIX Version 4.0G PK4 ERP Kit


Name: T64KIT1000211-V40GB22-ES-20051210

MD5 Checksum: 6f44f115dc564d67c073fa56989634c1

HP Tru64 UNIX Version 4.0F PK8 ERP Kit


Name: DUXKIT1000210-V40FB22-ES-20051210

MD5 Checksum: db6ce0a77906512ba45bc10cc8c518a7

The HP advisory is available at:

Vendor URL: (Links to External Site)
Cause:   Input validation error
Underlying OS:  UNIX (Tru64)

Message History:   None.

 Source Message Contents

[Original Message Not Available for Viewing]

Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, LLC