---------------------------------------------------------------------- Want a new job? http://secunia.com/secunia_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/ International Partner Manager - Project Sales in the IT-Security Industry: http://corporate.secunia.com/about_secunia/64/ ---------------------------------------------------------------------- TITLE: HP TCP/IP Services for OpenVMS BIND DNS Cache Poisoning SECUNIA ADVISORY ID: SA31482 VERIFY ADVISORY: http://secunia.com/advisories/31482/ CRITICAL: Moderately critical IMPACT: Spoofing WHERE: >From remote SOFTWARE: HP TCP/IP Services for OpenVMS 5.x http://secunia.com/product/2949/ DESCRIPTION: HP has acknowledged a vulnerability in HP OpenVMS TCP/IP Services, which can be exploited by malicious people to poison the DNS cache. For more information: SA30973 The vulnerability is reported in the following products when running BIND: * HP Alpha running TCP/IP Services for OpenVMS v 5.4 ECO 7 * HP Integrity and HP Alpha running TCP/IP Services for OpenVMS v 5.5 ECO 3 * HP Integrity and HP Alpha running TCP/IP Services for OpenVMS v 5.6 ECO 2 SOLUTION: Apply ERP Kits or update to HP OpenVMS TCP/IP Services v 5.6 ECO 3 when available. HP Alpha BIND Server Patch for TCP/IP Services for OpenVMS v 5.4 ECO 7, v 5.5 ECO 3, v 5.6 ECO 2: ftp://ftp.hp.com/pub/openvms/network/TCPIP_BIND_SERVER.ZIPEXE_ALPHA HP Integrity BIND Server Patch for TCP/IP Services for OpenVMS v 5.5 ECO 3, v 5.6 ECO 2: ftp://ftp.hp.com/pub/openvms/network/TCPIP_BIND_SERVER.ZIPEXE_I64 ORIGINAL ADVISORY: HPSBOV02357 SSRT080058: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01523520 OTHER REFERENCES: SA30973: http://secunia.com/advisories/30973/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------