Oval Definition:oval:org.mitre.oval:def:7261
Revision Date:2014-03-24Version:22
Title:HP-UX Running BIND, Remote Denial of Service (DoS), Unauthorized Disclosure of Information
Description:Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains an Additional section with crafted data, which is not properly handled when the response is processed "at the same time as requesting DNSSEC records (DO)," aka Bug 20438.
Family:unixClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2009-4022
Platform(s):HP-UX 11
Product(s):
Definition Synopsis
  • Criteria meets HP Security Bulletin HPSBUX02546
  • HP-UX B.11.23
  • AND filesets tests
  • BindUpgrade.BIND-UPGRADE version is less than C.9.3.2.7.0
  • OR BindUpgrade.BIND2-UPGRADE version is less than C.9.3.2.7.0
  • OR Criteria meets HP Security Bulletin HPSBUX02546
  • HP-UX B.11.23
  • AND filesets tests
  • InternetSrvcs.INETSVCS-INETD is installed
  • OR InternetSrvcs.INETSVCS-RUN is installed
  • OR InternetSrvcs.INETSVCS2-RUN is installed
  • AND NOT Patch PHNE_40339 is installed
  • OR Criteria meets HP Security Bulletin HPSBUX02546
  • HP-UX B.11.11
  • AND BindUpgrade.BIND-UPGRADE version is less than C.9.3.2.7.0
  • OR Criteria meets HP Security Bulletin HPSBUX02546
  • HP-UX B.11.11
  • AND BINDv920.INETSVCS-BIND version is less than B.11.11.01.015
    • BACK