thr3ads.net - Secure testing commits - [Secure-testing-commits] r4086

If this information is useful, please help other people find it:
Share via:

Florian Weimer

2006-May-28 09:53 UTC

[Secure-testing-commits] r4086 - data/CVE

Author: fw
Date: 2006-05-28 09:52:47 +0000 (Sun, 28 May 2006)
New Revision: 4086

Modified:
   data/CVE/list
Log:
CVE-2002-2211, CVE-2002-2212, CVE-2002-2213: bind affected, bind9 is not


Modified: data/CVE/list
==================================================================---
data/CVE/list	2006-05-28 09:38:36 UTC (rev 4085)
+++ data/CVE/list	2006-05-28 09:52:47 UTC (rev 4086)
@@ -119,11 +119,14 @@
 CVE-2006-2551 (Unspecified vulnerability in the kernel in HP-UX B.11.00 allows
local ...)
 	TODO: check
 CVE-2002-2213 (The DNS resolver in unspecified versions of Infoblox DNS One,
when ...)
-	TODO: check
+	NOT-FOR-US: Infoblox DNS One
 CVE-2002-2212 (The DNS resolver in unspecified versions of Fujitsu UXP/V, when
...)
-	TODO: check
+	NOT-FOR-US: Fujitsu UXP/V
 CVE-2002-2211 (BIND 4 and BIND 8, when resolving recursive DNS queries for
arbitrary ...)
-	TODO: check
+	- bind <unfixed> (medium)
+	- bind9 <not-affected> (does not send parallel queries)
+	NOTE: Disabling recursion does not close all attack vectors.
+	NOTE: Browser reflection attacks will still work.
 CVE-2006-2550 (perlpodder before 0.5 allows remote attackers to execute
arbitrary ...)
 	NOT-FOR-US: perlpodder
 CVE-2006-XXXX [shadow useradd arbitrary file chmod?]

Secure testing commits - May 2006 - r4086 - data/CVE

[Secure-testing-commits] r4086 - data/CVE