Novell Home

My Favorites

Close

Please to see your favorites.

Status of CVE-2008-1447 - Multiple DNS implementations vulnerable to cache poisoning

This document (7000912) is provided subject to the disclaimer at the end of this document.

Environment

Novell NetWare
Novell openSUSE
Novell SUSE Linux Enterprise
Novell Open Enterprise Server (NetWare based)
Novell Open Enterprise Server (Linux based)

ISC BIND

Situation

On July 8th, 2008, CERT released Vulnerability Note VU#800113 regarding deficiencies in the DNS protocol and common DNS implementations that facilitate DNS cache poisoning attacks. The Common Vulnerabilities and Exposures (CVE) identifier for this issue is CVE-2008-1447.

Status - BIND packages on Linux (Last updated: 2008-07-11)

The BIND packages in Novell's Linux products were affected by this issue. Fixed packages have been released for SLES10 SP2, SLES10 SP1, SLES9 as well as for openSUSE 11.0, 10.3 and 10.2.

Status - novell-bind packages on OES2 (Last updated: 2008-07-26)

Open Enterprise Server 2 includes novell-bind which provides an eDirectory-integrated DNS server. Fixes for this issue were release July 25th, 2008, in novell-bind-9.3.2-52.3.i586.rpm& novell-bind-9.3.2-52.3.x86_64.rpm

Status - NetWare (Last updated: 2008-07-26)

Novell has identified that NetWare (all versions) is susceptible to the DNS cache poisoning security flaw. Fixes for this issue were included in named.nlm released July 25th, 2008.

Status

Security Alert
Top Issue

Disclaimer

This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:7000912
  • Creation Date:10-JUL-08
  • Modified Date:08-NOV-12
    • NovellNetWare
      Open Enterprise Server
    • SUSESUSE Linux Enterprise Server

Did this document solve your problem? Provide Feedback