topic Re: Patch needed in Operating System - HP-UX

Patch needed

F Verschuren — Fri, 01 Aug 2008 10:27:10 GMT

Hi,
There is a report that there is a big security issue whit DSN does somebody knows if hp has a patch?

more info:
Technical Cyber Security Alert TA08-190B

Multiple DNS implementations vulnerable to cache poisoning

Original release date: July 08, 2008
Last revised: --
Source: US-CERT

Systems Affected

Systems implementing:
* Caching DNS resolvers
* DNS stub resolvers

Affected systems include both client and server systems, and any other
networked systems that include this functionality.

Re: Patch needed

Anshumali — Fri, 01 Aug 2008 10:51:16 GMT

Have a look here....looks you are talking bout this.
http://www12.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01506861-2

Re: Patch needed

F Verschuren — Mon, 04 Aug 2008 06:53:30 GMT

It seems that hp des not have a patch availeble jet for the "virus".

Re: Patch needed

Dennis Handly — Mon, 04 Aug 2008 07:45:39 GMT

>It seems that HP does not have a patch available yet for the "virus".

That's not strictly true. From Anshumali's link, it has new bind versions you can download and it mentions PHNE_37865.

Re: Patch needed

F Verschuren — Mon, 04 Aug 2008 15:41:58 GMT

Tanks, hp gave a update this morning that there was a patch,

I was talking about
http://www.isc.org/index.pl?/sw/bind/bind-security.php

reading this is a system what has /usr/sbin/rpcbind running vulable??

Re: Patch needed

Dennis Handly — Tue, 05 Aug 2008 03:13:04 GMT

>reading this is a system what has /usr/sbin/rpcbind running vulnerable??

Are you asking if this bind problem effects rpcbind?
I would think they are completely different.

Re: Patch needed

F Verschuren — Tue, 05 Aug 2008 06:37:25 GMT

Tanks, all!

We will patch all the dns servers.
And we advice everybody to do the same

to quote IBM:

So we've moved from "the bad guys are out there" past "the invaders are at the gate" and on to "the bad guys are slipping inside". If your organization has not yet patched your DNS servers

Other qoute of IBM:
IBM has anounced specific patch releases as per 20 august 2008. These patches must be applied immidiatly as the exploit is already known to "certain" communities.
The possistion of the DNS-environment in the landscape is not relevant for this exploit.

Luckly HP has the patch avalable!

Re: Patch needed

Bob E Campbell — Wed, 06 Aug 2008 16:19:06 GMT

Use Software Assistant to determine your status with all published Security Bulletins. Get SWA from https://www.hp.com/go/swa and then use the command:

# swa report -a SEC -r issue

To see all exposures. Use the HTML report created as ~/.swa/report/swa_report.html to have direct links to the bulletin text itself.

In the action report all required patches will be listed, and non-patch actions such as product updates and removals will be listed in the manual actions section.

The patch-specific content can be downloaded using the command:

# swa get -t /depots/mySecPatchDepot