Sun Security Blog
Security
|
21 Aug 2009
Sun Alert 239392 Security Vulnerability in the DNS Protocol May Lead to DNS Cache Poisoning
Product: Solaris 8 Operating System Solaris 9 Operating System Solaris 10 Operating System OpenSolaris A security vulnerability in the DNS protocol may allow remote unprivileged users to cause named(1M) to return incorrect addresses for Internet hosts, thereby redirecting end users to unintended hosts or services. This issue is also referenced in the following documents: US-CERT Vulnerability Note VU#800113 at http://www.kb.cert.org/vuls/id/800113 CVE-2008-1447 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447 State: Resolved First released: 08-Jul-2008
Permalink
|
Comments [4]
Trackback URL: http://blogs.sun.com/security/entry/sun_alert_239392_security_vulnerability
Post a Comment: |
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
even though Solaris 8 is EOF I would expect a patch for it as it is listed in the document.
Where do you find Solaris 8 Patches for this DNS issue?
Posted by a on July 09, 2008 at 02:12 PM PDT #
Hi, Solaris 8 is indeed still supported. Unfortunately the fix for Solaris 8 was not available at the time of publication of this Sun Alert. Work is in progress on the Solaris 8 resolution, which will be added to the Sun Alert once it is available.
Posted by Paul Roberts on July 10, 2008 at 02:24 AM PDT #
Thanks, Paul. Is this an official Sun statement? :-)
Posted by randy carpenter on July 11, 2008 at 03:21 PM PDT #
In the meanwhile Interim Security Relief (ISR) is available from
http://sunsolve.sun.com/tpatches
SPARC Platform:
Solaris 9 IDR138950-02
Solaris 8 IDR138951-01
x86 Platform:
Solaris 8 IDR138959-01
Posted by Chandan on July 25, 2008 at 04:06 PM PDT #