HP Tru64 UNIX - SSRT080058 DNS Cache Poisoning

Copyright (c) Hewlett-Packard Company 2008.  All rights reserved.


PRODUCT:    HP Internet Express for Tru64 UNIX
SOURCE:     Hewlett-Packard Company

ECO INFORMATION:

     ECO Name:   IX_BINDKIT.tar.gz
     ECO Kit Approximate Size:  24MB
     Kit Applies To:  HP Internet Express for Tru64 UNIX 6.8

     ECO Kit CHECKSUMS:
        /usr/bin/sum results:
        37914  23486

        /usr/bin/cksum results:
        447562445 24049605

        MD5 results:
        1d3da64e37d9e4a13d70ecbae26b39c7 

        SHA1 results:
        7d5e591832b5a510986d842359f0b9b3b1ee6109


ECO KIT SUMMARY:

A setld-based patch kit exists for HP Internet Express for Tru64 UNIX 6.8
(IX) that contains solutions to the following problems:

A potential security vulnerability has been reported on the HP Tru64 UNIX Operating
System or Internet Express (IX) running BIND whereby deficiencies in the DNS protocol
and common DNS implementations facilitate DNS cache poisoning attacks.


The patches in this kit will also be available in the next mainstream
patch kit - IX 6.9.


Special Installation Instructions

The kit "IX_BINDKIT.tar.gz" when untarred contains the following files:
- IX_BINDKIT/bind-9.3.5-P2.bin.tar.gz (installable kit)
- IX_BINDKIT/bind_src.tar.gz (bind sources)

Installing the kit

1. Untar the IX_BINDKIT.tar.gz kit using the command
       #gunzip -c IX_BINDKIT.tar.gz | tar xf -

2. #cd IX_BINDKIT/

3. #ls
   bind-9.3.5-P2.bin.tar.gz  bind_src.tar.gz

4. To install the binaries, follow these steps:

       # gunzip -c  postgresql-8.2.6.bin.tar.gz | tar xf -

       # ls
	 BINDKIT

       # cd BINDKIT

       # ls -R
	IAE.image   IAEBIND681  INSTCTRL    instctrl

	./instctrl:
	IAE.image        IAE681.comp      IAEBIND681.ctrl  IAEBIND681.inv   IAEBIND681.scp

       # setld -l .


SUPERSEDE INFORMATION:

  None


KNOWN PROBLEMS WITH THE PATCH KIT:

None.

This patch delivers the following files:

IAE.image
IAEBIND681
INSTCTRL
./instctrl/IAE.image
./instctrl/IAE681.comp
./instctrl/IAEBIND681.ctrl
./instctrl/IAEBIND681.inv
./instctrl/IAEBIND681.scp

bind v 9.3.5-P2 souces and license


[R] UNIX is a registered trademark in the United States and other countries
licensed exclusively through X/Open Company Limited.

Copyright Hewlett-Packard Company 2008.  All Rights reserved.