Nortel Guidance for Multiple Vendor Fixes for BIND/DNS Cache Poison Vulnerability - CVE-2008-1447
| Description: |
Multiple vendors have released fixes for the BIND/DNS Cache Poison Vulnerability described by CVE-2008-1447. Some Nortel products contain the affected software as a component and thus are potentially affected by the vulnerabilities addressed. This bulletin provides a multi-product consolidated response for the Nortel products which are potentially affected. Note that recommendations for the Microsoft fix, MS08-037, are addressed by Nortel bulletin id 2008008989. This bulletin addresses the following CVEs: 1. CVE-2008-1447 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447 The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via certain cache poisoning techniques against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability." Before taking any action please ensure that you are viewing the latest official version of this security advisory by referencing http://www.nortel.com/securityadvisories |
| Type: |
Security Advisories |
| Number: |
2008009038, Rev 1 |
| Status: |
Retired |
| Date: |
2009-06-22 |
