Status of CVE-2008-1447 - Multiple DNS implementations vulnerable to cache poisoning

  • 7000912
  • 10-Jul-2008
  • 08-Nov-2012

Environment

Novell NetWare
Novell openSUSE
Novell SUSE Linux Enterprise
Novell Open Enterprise Server (NetWare based)
Novell Open Enterprise Server (Linux based)

ISC BIND

Situation

On July 8th, 2008, CERT released Vulnerability Note VU#800113 regarding deficiencies in the DNS protocol and common DNS implementations that facilitate DNS cache poisoning attacks. The Common Vulnerabilities and Exposures (CVE) identifier for this issue is CVE-2008-1447.

Status - BIND packages on Linux (Last updated: 2008-07-11)

The BIND packages in Novell's Linux products were affected by this issue. Fixed packages have been released for SLES10 SP2, SLES10 SP1, SLES9 as well as for openSUSE 11.0, 10.3 and 10.2.

Status - novell-bind packages on OES2 (Last updated: 2008-07-26)

Open Enterprise Server 2 includes novell-bind which provides an eDirectory-integrated DNS server. Fixes for this issue were release July 25th, 2008, in novell-bind-9.3.2-52.3.i586.rpm& novell-bind-9.3.2-52.3.x86_64.rpm

Status - NetWare (Last updated: 2008-07-26)

Novell has identified that NetWare (all versions) is susceptible to the DNS cache poisoning security flaw. Fixes for this issue were included in named.nlm released July 25th, 2008.

Status

Security Alert
Top Issue