---------------------------------------------------------------------- Want a new job? http://secunia.com/secunia_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/ International Partner Manager - Project Sales in the IT-Security Industry: http://corporate.secunia.com/about_secunia/64/ ---------------------------------------------------------------------- TITLE: HP Tru64 UNIX BIND Query Port DNS Cache Poisoning SECUNIA ADVISORY ID: SA31495 VERIFY ADVISORY: http://secunia.com/advisories/31495/ CRITICAL: Moderately critical IMPACT: Spoofing WHERE: >From remote OPERATING SYSTEM: HP Tru64 UNIX 5.x http://secunia.com/product/2/ DESCRIPTION: HP has acknowledged a vulnerability in HP Tru64 UNIX, which can be exploited by malicious people to poison the DNS cache. For more information: SA30973 The vulnerability is reported in BIND v 9.2.8 and earlier running on HP Tru64 UNIX v 5.1B-4 and HP Tru64 UNIX v 5.1B-3. SOLUTION: Apply patches. HP Tru64 UNIX Version v 5.1B-4: PREREQUISITE: HP Tru64 UNIX v 5.1B-4 PK6 (BL27) Name: T64KIT1001520-V51BB27-ES-20080808 http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001520-V51BB27-ES-20080808 HP Tru64 UNIX Version v 5.1B-3: PREREQUISITE: HP Tru64 UNIX v 5.1B-3 PK5 (BL26) Name: T64KIT1001522-V51BB26-ES-20080808 http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001522-V51BB26-ES-20080808 ORIGINAL ADVISORY: HPSBTU02358 SSRT080058: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01527346 OTHER REFERENCES: SA30973: http://secunia.com/advisories/30973/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------