SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c03105548
Version: 1
HPSBUX02729 SSRT100687 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2011-12-01
Last Updated: 2011-12-01
Potential Security Impact: Remote Denial of Service (DoS)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP-UX running BIND. This vulnerability could be exploited remotely to create a Denial of Service (DoS).
References: CVE-2011-4313
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.31 running BIND 9.3 prior to C.9.3.2.10.1
HP-UX B.11.11 and B.11.23 running BIND 9.3 prior to C.9.3.2.9.1
HP-UX B.11.11 running BIND 9.2 prior to C.9.3.2.9.1
HP-UX B.11.23 running BIND 9.2
BACKGROUND
For a PGP signed version of this security bulletin please write to: Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
CVSS 2.0 Base Metrics
Reference
Base Vector
Base Score
CVE-2011-4313
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
5.0
Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided upgrades to resolve this vulnerability. When final depots are released this bulletin will be revised.
The upgrades are available from the following location
ftp://s02729:Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
BIND 9.2 for HP-UX Release
Depot Name
B.11.11 PA (32 and 64)
BIND92-1111-wu17.depot
B.11.23 (PA and IA)
UNOF_PHNE_41721_1.depot
BIND 9.3 for HP-UX Release
Depot Name
B.11.11 PA (32 and 64)
BIND93-1111-unof.depot
B.11.23 (PA and IA)
BIND93-1123-unof.depot
B.11.31 (PA and IA)
BIND93-1131-unof.depot
MANUAL ACTIONS: Yes - Update
Download and install the software updates
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
For BIND 9.2
HP-UX B.11.11
==================
BINDv920.INETSVCS-BIND
action: install revision B.11.11.01.017 or subsequent
HP-UX B.11.23
==================
InternetSrvcs.INETSVCS-INETD
InternetSrvcs.INETSVCS-RUN
InternetSrvcs.INETSVCS2-RUN
action: install patch PHNE_41721.1 or subsequent
For BIND 9.3
HP-UX B.11.11
==================
BindUpgrade.BIND-UPGRADE
action: install revision C.9.3.2.9.1 or subsequent
HP-UX B.11.23
==================
BindUpgrade.BIND-UPGRADE
BindUpgrade.BIND2-UPGRADE
action: install revision C.9.3.2.9.1 or subsequent
HP-UX B.11.31
==================
NameService.BIND-AUX
NameService.BIND-RUN
action: install revision C.9.3.2.10.1 or subsequent
END AFFECTED VERSIONS
HISTORY
Version:1 (rev.1) 1 December 2011 Initial release
Posljednje sigurnosne preporuke