SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c03312535
Version: 1
HPSBOV02774 SSRT100684 rev.1 - HP TCP/IP Services for OpenVMS, BIND 9 Resolver, Remote Denial of Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2012-06-13
Last Updated: 2012-06-13
Potential Security Impact: Remote Denial of Service (DoS)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
A potential security vulnerability has been identified with the TCP/IP Services for OpenVMS BIND 9 Resolver. The vulnerability could be remotely exploited to cause a Denial of Service (DoS).
References: CVE-2011-4313
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP TCP/IP Services for OpenVMS v 5.4, v 5.5, v 5.6 and v 5.7 on Itanium and ALPHA Servers.
BACKGROUND
For a PGP signed version of this security bulletin please write to: Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
CVSS 2.0 Base Metrics
Reference
Base Vector
Base Score
CVE-2011-4313
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
5.0
Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has made the following patch kits available to resolve the vulnerability.
The patch kits and installation instructions are available from HP Support Center (HPSC)
To download a patch kit from HPSC :
Go to http://hp.com/go/hpsc .
Login using your HP Passport account.
Use the Search: HP Support Center at the top to search for the Patch Kit Name from the table below.
HP TCP/IP Services for OpenVMS Versions
Platform
Patch Kit Name
v 5.4 ECO 7
ALPHA
DEC-AXPVMS-TCPIP_BIND_PAT-V0504-ECO7B-4
v 5.5 ECO 3
ALPHA
DEC-AXPVMS-TCPIP_BIND_PAT-V0505-ECO3C-4
v 5.5 ECO 3
ITANIUM
HP-I64VMS-TCPIP_BIND_PAT-V0505-ECO3D-4
v 5.6 ECO 5
ALPHA
DEC-AXPVMS-TCPIP_BIND_PAT-V0506-ECO5A-4
v 5.6 ECO 5
ITANIUM
HP-I64VMS-TCPIP_BIND_PAT-V0506-ECO5A-4
v 5.7 ECO 3
ALPHA
DEC-AXPVMS-TCPIP_BIND_PAT-V0507-ECO3A-4
v 5.7 ECO 3
ITANIUM
HP-I64VMS-TCPIP_BIND_PAT-V0507-ECO3A-4
HISTORY
Version:1 (rev.1) 13 June 2012 Initial release
Posljednje sigurnosne preporuke