NISCC Vulnerability Advisory 758884/NISCC/DNS - Several vulnerabilities have been discovered within the Domain Name System (DNS) protocol by two DNS experts.
f5067cbeef82c7e9ebe4319e90b7534d271c600b27efa839a3fc53279645a68f<html>
<head>
<title>NISCC Vulnerability Advisory 758884</title>
</head>
<body bgcolor="#FFFFCC" lang=EN-GB link=blue vlink=blue style='tab-interval:
36.0pt'>
<div class=Section1>
<div>
<p class=MsoNormal align=center style='text-align:center'><span
style='font-family:Verdana'>
<div>
<p class=MsoNormal style='mso-margin-top-alt:auto;margin-bottom:12.0pt'><b><span
style='font-size:13.5pt;font-family:Verdana;color:red'>NISCC Vulnerability
Advisory 758884/NISCC/DNS</span></b><span style='font-size:13.5pt;font-family:
Verdana'><br>
<br>
<b>Vulnerability Issues in Implementations of the DNS Protocol</b></span><span
style='font-family:Verdana'><br>
<br>
<br>
<b>Version Information</b> <O:P></O:P></span></p>
<table class=MsoNormalTable border=1 cellpadding=0 width="61%"
style='width:61.0%;mso-cellspacing:1.5pt;mso-padding-alt:0cm 5.4pt 0cm 5.4pt'>
<tr style='mso-yfti-irow:0'>
<td width="58%" style='width:58.0%;padding:.75pt .75pt .75pt .75pt'>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-family:Verdana'>Advisory Reference<O:P></O:P></span></p>
</td>
<td width="77%" style='width:77.0%;padding:.75pt .75pt .75pt .75pt'>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-family:Verdana'>758884/NISCC/DNS<O:P></O:P></span></p>
</td>
</tr>
<tr style='mso-yfti-irow:1'>
<td width="58%" style='width:58.0%;padding:.75pt .75pt .75pt .75pt'>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-family:Verdana'>Release Date<O:P></O:P></span></p>
</td>
<td width="77%" style='width:77.0%;padding:.75pt .75pt .75pt .75pt'>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><st1:date
Year="2004" Day="9" Month="11"><span style='font-family:Verdana'>9 November
2004<O:P></O:P></span></st1:date></p>
</td>
</tr>
<tr style='mso-yfti-irow:2'>
<td width="58%" style='width:58.0%;padding:.75pt .75pt .75pt .75pt'>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-family:Verdana'>Last Revision<O:P></O:P></span></p>
</td>
<td width="77%" style='width:77.0%;padding:.75pt .75pt .75pt .75pt'>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><st1:date
Year="2004" Day="9" Month="11"><span style='font-family:Verdana'>9 November
2004<O:P></O:P></span></st1:date></p>
</td>
</tr>
<tr style='mso-yfti-irow:3;mso-yfti-lastrow:yes'>
<td width="58%" style='width:58.0%;padding:.75pt .75pt .75pt .75pt'>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-family:Verdana'>Version Number<O:P></O:P></span></p>
</td>
<td width="77%" style='width:77.0%;padding:.75pt .75pt .75pt .75pt'>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-family:Verdana'>1.0</span></p>
</td>
</tr>
</table>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;
text-align:justify'><span style='font-family:Verdana'><br>
<b>What is <span class=GramE>Affected</span>?<O:P></O:P></b></span></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;
text-align:justify'><span style='font-family:Verdana'>The vulnerabilities
described in this advisory affect the Domain Name System (DNS) protocol. Many
vendors include support for this protocol in their products and may be impacted
to varying degrees, if at all. <o:p></o:p></span></p>
<p style='text-align:justify'><span style='font-family:Verdana'>Please note
that the information contained within this advisory is subject to changes. All
subscribers are therefore advised to regularly check the UNIRAS website (<a
href="http://www.uniras.gov.uk/vuls/2004/758884/index.htm">http://www.uniras.gov.uk/vuls/2004/758884/index.htm</a>)
for updates to this notice.</span><O:P></O:P></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;
text-align:justify'><span style='font-family:Verdana'><br>
<b>Severity</b><br>
<br>
The severity of these vulnerabilities varies by vendor. Please see the vendor
section below for further information. Alternatively contact your vendor for
product specific information. <o:p></o:p></span></p>
<p style='text-align:justify'><span style='font-family:Verdana'>If exploited,
these vulnerabilities could allow an attacker to create a Denial of Service
condition.<o:p></o:p></span></p>
<p style='text-align:justify'><span style='font-family:Verdana'><br>
<b>Summary</b><br>
<br>
Several vulnerabilities have been discovered within the Domain Name System (DNS)
protocol by two DNS experts, Roy Arends and Jakob Schlyter. <o:p></o:p></span></p>
<p style='text-align:justify'><span style='font-family:Verdana'>The Domain Name
System (DNS) protocol is an Internet service that translates domain names into
Internet Protocol (IP) addresses. Because domain names are alphabetic, they're
easier to remember, however the Internet is really based on IP addresses; hence
every time a domain name is requested, a DNS service must translate the name
into the corresponding IP address. <o:p></o:p></span></p>
<p style='text-align:justify'><span style='font-family:Verdana'>NISCC wishes to
advise users of the availability of a test tool that is designed to confirm the
existence of vulnerabilities in the DNS protocol. <o:p></o:p></span></p>
<p style='text-align:justify'><span style='font-family:Verdana'>All users of
applications that support DNS are recommended to take note of this advisory and
carry out any remedial actions suggested by their vendor(s).</span><O:P></O:P></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;
text-align:justify'><br>
<b><span style='font-family:Verdana'>Details</span></b><br>
<br>
<span style='font-family:Verdana'>The Domain Name System (DNS) is basically a
database of host information. The DNS protocol is utilised to identify servers
by their IP addresses and aliases given their registered domain name. The
request is usually simple, including just the name of the server. The response
however can be quite complex, because it will contain all the addresses and
aliases that the server might have. A DNS query is sent to a name server to
provoke a response; a DNS response then <span class=GramE>either answers</span>
the query, refers the requester to another set of name servers or signals some
error condition. Please refer to RFC 1034<span class=GramE>:Section</span> 3.7,
RFC 1034:Section 4.1, RFC 1034:Section 4.3.1 and RFC 1035:Section 4.1.1 for
further information on the query-response relationship within the DNS protocol.
<o:p></o:p></span></p>
<p style='text-align:justify'><span style='font-family:Verdana'>The relevant
vulnerabilities are a result of liberal interpretation of the DNS protocol by <span
class=SpellE>implementors</span>. DNS uses a message format to provide a
mechanism to resolve domain names into IP addresses; a message can either be a
'query' or a 'response'. By <span class=SpellE>implementating</span> the
protocol in such a way in which a 'response' is allowed to be answered with a
'response', this will cause messages to bounce back and forth between the
servers and hence cause a query-<span class=SpellE>respose</span> storm that
can result in a denial-of-service attack. <o:p></o:p></span></p>
<p style='text-align:justify'><span style='font-family:Verdana'>In addition, by
sending these implementations a query that appears to originate from the <span
class=SpellE>localhost</span> on UDP port 53, the server will respond to itself
and will keep responding to these responses, hence entering a loop which can
exhaust system resources and hence result in a denial-of-service attack. <o:p></o:p></span></p>
<p style='text-align:justify'><span style='font-family:Verdana'>Vendor specific information will be released as it becomes available and if vendor permission has been received. Subscribers are advised to check the following URL regularly for updates:
<p>
<a href="http://www.uniras.gov.uk/vuls/2004/758884/index.htm
">http://www.uniras.gov.uk/vuls/2004/758884/index.htm</a>
<p>
<i>[Please note that updates to this advisory will not be notified by email.]</i><o:p></o:p></span></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;
text-align:justify'><span style='font-family:Verdana'>This vulnerability has
been assigned the <a href="http://cve.mitre.org/cve">CVE</a> name <a
href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0789">CAN-2004-0789</a>.<O:P></O:P></span></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;
text-align:justify'><span style='font-family:Verdana'><br>
<b>Mitigation</b><br>
<br>
Patch all affected implementations.<O:P></O:P></span></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;
text-align:justify'><span style='font-family:Verdana'><br>
<b>Solution</b><br>
<br>
Please refer to the Vendor Information section of this advisory for platform
specific remediation.<O:P></O:P></span></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-family:Verdana'><br>
<b>Vendor Information<O:P></O:P></b></span></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;
text-align:justify'><span style='font-family:Verdana'>
The following vendors have provided information about how their products are
affected by these vulnerabilities.<br>
<br>
</span><i><span style='font-size:10.0pt;font-family:Verdana'>Please note that <a
href="http://www.jpcert.or.jp/">JPCERT/CC</a> have released a Japanese language
advisory for this vulnerability which contains additional information regarding
Japanese vendors.</span><span style='font-size:10.0pt;font-family:Verdana'>This advisory is available at <a href="http://jvn.jp/niscc/NISCC-758884.html">http://jvn.jp/niscc/NISCC-758884.html</a>.</span></i></p>
<O:P></O:P>
<table class=MsoNormalTable border=0 cellspacing=0 cellpadding=0 width="80%"
style='width:80.0%;border-collapse:collapse;mso-padding-alt:0cm 0cm 0cm 0cm'>
<tr style='mso-yfti-irow:0'>
<td width="49%" style='width:49.26%;padding:0cm 0cm 0cm 0cm'>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:10.0pt;font-family:Verdana'><a href="#axis">Axis</a></span></p>
</td>
<td width="50%" style='width:50.74%;padding:0cm 0cm 0cm 0cm'>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:10.0pt;font-family:Verdana'><a href="#jsh">JH Software</a></span></p>
</td>
<td width="50%" style='width:50.74%;padding:0cm 0cm 0cm 0cm'>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:10.0pt;font-family:Verdana'><a href="#sprint">Sprint</a></span></p>
</td>
</tr>
<tr style='mso-yfti-irow:1'>
<td width="49%" style='width:49.26%;padding:0cm 0cm 0cm 0cm'>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:10.0pt;font-family:Verdana'><a href="#cisco">Cisco</a></span><o:p></o:p></p>
</td>
<td width="49%" style='width:50.74%;padding:0cm 0cm 0cm 0cm'>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:10.0pt;font-family:Verdana'><a href="#juniper">Juniper</a></span></p>
</td>
<td width="49%" style='width:50.74%;padding:0cm 0cm 0cm 0cm'>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:10.0pt;font-family:Verdana'><a href="#verisign">VeriSign</a></span></p>
</td>
</tr>
<tr style='mso-yfti-irow:2'>
<td width="49%" style='width:49.26%;padding:0cm 0cm 0cm 0cm'>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:10.0pt;font-family:Verdana'><a href="#dnrd">DNRD</a></span></p>
</td>
</td>
<td width="49%" style='width:50.74%;padding:0cm 0cm 0cm 0cm'>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:10.0pt;font-family:Verdana'><a href="#men">Men & Mice</a></span></p>
</td>
<td width="49%" style='width:50.74%;padding:0cm 0cm 0cm 0cm'>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:10.0pt;font-family:Verdana'><a href="#windriver">WindRiver</a></span></p>
</td>
</tr>
<tr style='mso-yfti-irow:3'>
<td width="49%" style='width:49.26%;padding:0cm 0cm 0cm 0cm'>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:10.0pt;font-family:Verdana'><a href="#hp">Hewlett-Packard</a></span></p>
</td>
<td width="49%" style='width:50.74%;padding:0cm 0cm 0cm 0cm'>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:10.0pt;font-family:Verdana'><a href="#mydns">MyDNS</a></span></p>
</td>
</tr>
<tr style='mso-yfti-irow:1'>
<td width="49%" style='width:49.26%;padding:0cm 0cm 0cm 0cm'>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:10.0pt;font-family:Verdana'><a href="#jdnss">JDNSS</a></span><o:p></o:p></p>
</td>
<td width="49%" style='width:50.74%;padding:0cm 0cm 0cm 0cm'>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:10.0pt;font-family:Verdana'><a href="#posadis">Posadis</a></span></p>
</td>
<O:P></O:P>
<td width="49%" style='width:50.74%;padding:0cm 0cm 0cm 0cm'>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:10.0pt;font-family:Verdana'><a href="#"></a></span></p>
</td>
</tr>
</table>
<p>
<table class=MsoNormalTable border=0 cellspacing=0 cellpadding=0 width="100%"
style='width:100.0%;mso-cellspacing:0cm;mso-padding-alt:6.0pt 6.0pt 6.0pt 6.0pt'>
<tr style='mso-yfti-irow:0;height:13.5pt'>
<td width=983 colspan=2 style='width:737.25pt;background:#FFFFAF;padding:
6.0pt 6.0pt 6.0pt 6.0pt;height:13.5pt'>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><a
name=axis></a><u><span style='font-family:Verdana'>Axis</span></u></p>
</td>
</tr>
<tr style='mso-yfti-irow:1;height:64.1pt'>
<td width=29 style='width:22.1pt;background:#FFFFAF;padding:6.0pt 6.0pt 6.0pt 6.0pt;
height:64.1pt'><span style='font-size:12.0pt;font-family:"Times New Roman";
mso-fareast-font-family:"Times New Roman";mso-ansi-language:EN-GB;mso-fareast-language:
EN-GB;mso-bidi-language:AR-SA'><O:P></O:P></span>
<p class=MsoNormal><o:p> </o:p></p>
</td>
<td width=954 style='width:715.15pt;background:#FFFFAF;padding:6.0pt 6.0pt 6.0pt 6.0pt;
height:64.1pt'>
<p class=MsoNormal><span style='font-family:Verdana'>The DNS issues that Roy <span
class=SpellE>Arends</span> had identified in Axis products have now been
eliminated. <o:p></o:p></span></p>
<p><span style='font-family:Verdana'>The affected products and firmware
release version are:<br>
Axis 2400+ Network Video Server - Release 3.13<br>
Axis 2401+ Network Video Server - Release 3.13<br>
Axis 2460 Network DVR - Release 3.13 <o:p></o:p></span></p>
<p><span style='font-family:Verdana'>Axis 2100 Network Camera - 2.42
(Currently release candidate and will be official soon)<br>
Axis 2110 Network Camera - 2.42 (Currently release candidate and will be
official soon)<br>
Axis 2120 Network Camera - Release 2.42 (Currently release candidate and will
be official soon) <br>
Axis 2420 Network Camera - Release 2.42 <o:p></o:p></span></p>
<p><span style='font-family:Verdana'>The firmware releases can be downloaded
from Axis Support page <a href="http://www.axis.com/techsup/firmware.php">http://www.axis.com/techsup/firmware.php</a>.
</span></p>
</td>
</tr>
<tr style='mso-yfti-irow:2;height:13.5pt'>
<td width=983 colspan=2 style='width:737.25pt;background:#FFFFBE;padding:
6.0pt 6.0pt 6.0pt 6.0pt;height:13.5pt'>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><a
name=cisco></a><u><span style='font-family:Verdana'>Cisco</span></u></p>
</td>
</tr>
<tr style='mso-yfti-irow:3;height:64.1pt'>
<td width=29 style='width:22.1pt;background:#FFFFBE;padding:6.0pt 6.0pt 6.0pt 6.0pt;
height:64.1pt'><span style='font-size:12.0pt;font-family:"Times New Roman";
mso-fareast-font-family:"Times New Roman";mso-ansi-language:EN-GB;mso-fareast-language:
EN-GB;mso-bidi-language:AR-SA'><O:P></O:P></span>
<p class=MsoNormal><o:p> </o:p></p>
</td>
<td width=954 style='width:715.15pt;background:#FFFFBE;padding:6.0pt 6.0pt 6.0pt 6.0pt;
height:64.1pt'>
<p class=MsoNormal><span style='font-family:Verdana'>Cisco Systems is
evaluating the vulnerabilities identified by NISCC #758884. Should an issue
be found, Cisco will release a Security Advisory. The most up-to-date
information on all Cisco product security issues may be found at <a
href="http://www.cisco.com/go/psirt/">http://www.cisco.com/go/psirt/</a>. </span></p>
</td>
</tr>
<tr style='mso-yfti-irow:4;height:13.5pt'>
<td width=983 colspan=2 style='width:737.25pt;background:#FFFFAF;padding:
6.0pt 6.0pt 6.0pt 6.0pt;height:13.5pt'>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><a
name=dnrd></a><u><span style='font-family:Verdana'>DNRD</span></u></p>
</td>
</tr>
<tr style='mso-yfti-irow:5;height:64.1pt'>
<td width=29 style='width:22.1pt;background:#FFFFAF;padding:6.0pt 6.0pt 6.0pt 6.0pt;
height:64.1pt'><span style='font-size:12.0pt;font-family:"Times New Roman";
mso-fareast-font-family:"Times New Roman";mso-ansi-language:EN-GB;mso-fareast-language:
EN-GB;mso-bidi-language:AR-SA'><O:P></O:P></span>
<p class=MsoNormal><o:p> </o:p></p>
</td>
<td width=954 style='width:715.15pt;background:#FFFFAF;padding:6.0pt 6.0pt 6.0pt 6.0pt;
height:64.1pt'>
<p class=MsoNormal><span style='font-family:Verdana'>Not vulnerable from
version 2.11 and above.</span></p>
</td>
</tr>
<tr style='mso-yfti-irow:6;height:13.5pt'>
<td width=983 colspan=2 style='width:737.25pt;background:#FFFFBE;padding:
6.0pt 6.0pt 6.0pt 6.0pt;height:13.5pt'>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><a
name=hp></a><u><span style='font-family:Verdana'>Hewlett-Packard<o:p></o:p></span></u></p>
</td>
</tr>
<tr style='mso-yfti-irow:7;height:78.85pt'>
<td width=29 style='width:22.1pt;background:#FFFFBE;padding:6.0pt 6.0pt 6.0pt 6.0pt;
height:78.85pt'><span style='font-size:12.0pt;font-family:"Times New Roman";
mso-fareast-font-family:"Times New Roman";mso-ansi-language:EN-GB;mso-fareast-language:
EN-GB;mso-bidi-language:AR-SA'><O:P></O:P></span>
<p class=MsoNormal><o:p> </o:p></p>
</td>
<td width=954 style='width:715.15pt;background:#FFFFBE;padding:6.0pt 6.0pt 6.0pt 6.0pt;
height:78.85pt'>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-family:Verdana;mso-bidi-font-family:"Courier New"'>HP has
determined that we are not impacted by this vulnerability.</span><span
style='font-family:Verdana'><o:p></o:p></span></p>
</td>
</tr>
<tr style='mso-yfti-irow:8;height:13.5pt'>
<td width=983 colspan=2 style='width:737.25pt;background:#FFFFAF;padding:
6.0pt 6.0pt 6.0pt 6.0pt;height:13.5pt'>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><a
name=jdnss></a><u><span style='font-family:Verdana'>JDNSS</span></u></p>
</td>
</tr>
<O:P></O:P>
<tr style='mso-yfti-irow:9;height:78.85pt'>
<td width=29 style='width:22.1pt;background:#FFFFAF;padding:6.0pt 6.0pt 6.0pt 6.0pt;
height:78.85pt'><span style='font-size:12.0pt;font-family:"Times New Roman";
mso-fareast-font-family:"Times New Roman";mso-ansi-language:EN-GB;mso-fareast-language:
EN-GB;mso-bidi-language:AR-SA'><O:P></O:P></span>
<p class=MsoNormal><o:p> </o:p></p>
</td>
<td width=954 style='width:715.15pt;background:#FFFFAF;padding:6.0pt 6.0pt 6.0pt 6.0pt;
height:78.85pt'>
<p class=MsoNormal><span style='font-family:Verdana;mso-bidi-font-family:
"Courier New"'>The JDNSS team would like to thank NISCC for notifying us of
the possible vulnerabilities; our testing shows JDNSS is not vulnerable to
these exploits.<O:P></O:P></span></p>
</td>
</tr>
<tr style='mso-yfti-irow:10;height:13.5pt'>
<td width=983 colspan=2 style='width:737.25pt;background:#FFFFBE;padding:
6.0pt 6.0pt 6.0pt 6.0pt;height:13.5pt'>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><a
name=jsh></a><u><span style='font-family:Verdana'>JH Software</span></u></p>
</td>
</tr>
<tr style='mso-yfti-irow:11;height:78.85pt'>
<td width=29 style='width:22.1pt;background:#FFFFBE;padding:6.0pt 6.0pt 6.0pt 6.0pt;
height:78.85pt'><span style='font-size:12.0pt;font-family:"Times New Roman";
mso-fareast-font-family:"Times New Roman";mso-ansi-language:EN-GB;mso-fareast-language:
EN-GB;mso-bidi-language:AR-SA'><O:P></O:P></span>
<p class=MsoNormal><o:p> </o:p></p>
</td>
<td width=954 style='width:715.15pt;background:#FFFFBE;padding:6.0pt 6.0pt 6.0pt 6.0pt;
height:78.85pt'>
<p class=MsoNormal><span style='font-family:Verdana'>JS Software
products are not vulnerable to this vulnerability.</span></p>
</td>
</tr>
<tr style='mso-yfti-irow:10;height:13.5pt'>
<td width=983 colspan=2 style='width:737.25pt;background:#FFFFAF;padding:
6.0pt 6.0pt 6.0pt 6.0pt;height:13.5pt'>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><a
name=juniper></a><u><span style='font-family:Verdana'>Juniper</span></u></p>
</td>
</tr>
<tr style='mso-yfti-irow:11;height:78.85pt'>
<td width=29 style='width:22.1pt;background:#FFFFAF;padding:6.0pt 6.0pt 6.0pt 6.0pt;
height:78.85pt'><span style='font-size:12.0pt;font-family:"Times New Roman";
mso-fareast-font-family:"Times New Roman";mso-ansi-language:EN-GB;mso-fareast-language:
EN-GB;mso-bidi-language:AR-SA'><O:P></O:P></span>
<p class=MsoNormal><o:p> </o:p></p>
</td>
<td width=954 style='width:715.15pt;background:#FFFFAF;padding:6.0pt 6.0pt 6.0pt 6.0pt;
height:78.85pt'>
<p class=MsoNormal><span style='font-family:Verdana'>Juniper Networks
products are not susceptible to this vulnerability.</span></p>
</td>
</tr>
<tr style='mso-yfti-irow:12;height:13.5pt'>
<td width=983 colspan=2 style='width:737.25pt;background:#FFFFBE;padding:
6.0pt 6.0pt 6.0pt 6.0pt;height:13.5pt'>
<p class=MsoNormal tyle='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><a
name=men></a><u><span style='font-family:Verdana'>Men & Mice</span></u></span><o:p></o:p></p>
</td>
</tr>
<tr style='mso-yfti-irow:13;mso-yfti-lastrow:yes;height:78.85pt'>
<td width=29 style='width:22.1pt;background:#FFFFBE;padding:6.0pt 6.0pt 6.0pt 6.0pt;
height:78.85pt'>
<p class=MsoNormal><o:p> </o:p></p>
</td>
<td width=954 style='width:715.15pt;background:#FFFFBE;padding:6.0pt 6.0pt 6.0pt 6.0pt;
height:78.85pt'>
<p class=MsoNormal><span class=SpellE><span style='font-family:Verdana'>The Men & Mice Suite, which is a DNS and IP management suite, is not affected by this vulnerability.
<p>
QuickDNS Server, a DNS server for Mac OS 8 and 9 which is no longer sold by Men & Mice, was updated to address this vulnerability in the following versions and on the following dates:<br><br>
3.5.2 released October 10, 2001
<br>
2.2.3 released October 22, 2001
</span><o:p></o:p></p>
</td>
</tr>
<tr style='mso-yfti-irow:12;height:13.5pt'>
<td width=983 colspan=2 style='width:737.25pt;background:#FFFFAF;padding:
6.0pt 6.0pt 6.0pt 6.0pt;height:13.5pt'>
<p class=MsoNormal tyle='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><a
name=mydns></a><u><span style='font-family:Verdana'>MyDNS</span></u></span><o:p></o:p></p>
</td>
</tr>
<tr style='mso-yfti-irow:13;mso-yfti-lastrow:yes;height:78.85pt'>
<td width=29 style='width:22.1pt;background:#FFFFAF;padding:6.0pt 6.0pt 6.0pt 6.0pt;
height:78.85pt'>
<p class=MsoNormal><o:p> </o:p></p>
</td>
<td width=954 style='width:715.15pt;background:#FFFFAF;padding:6.0pt 6.0pt 6.0pt 6.0pt;
height:78.85pt'>
<p class=MsoNormal><span class=SpellE><span style='font-family:Verdana'>MyDNS 0.10.1 and all later versions are not vulnerable.</span><o:p></o:p></p>
</td>
</tr>
<tr style='mso-yfti-irow:12;height:13.5pt'>
<td width=983 colspan=2 style='width:737.25pt;background:#FFFFBE;padding:
6.0pt 6.0pt 6.0pt 6.0pt;height:13.5pt'>
<p class=MsoNormal tyle='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><a
name=posadis></a><u><span style='font-family:Verdana'>Posadis</span></u></span><o:p></o:p></p>
</td>
</tr>
<tr style='mso-yfti-irow:13;mso-yfti-lastrow:yes;height:78.85pt'>
<td width=29 style='width:22.1pt;background:#FFFFBE;padding:6.0pt 6.0pt 6.0pt 6.0pt;
height:78.85pt'>
<p class=MsoNormal><o:p> </o:p></p>
</td>
<td width=954 style='width:715.15pt;background:#FFFFBE;padding:6.0pt 6.0pt 6.0pt 6.0pt;
height:78.85pt'>
<p class=MsoNormal><span class=SpellE><span style='font-family:Verdana'>Posadis have updated their product to guard against this vulnerability. For more detail, please visit Posadis Security Advsiory at <a href="http://www.posadis.org/security/pos_adv_006.txt">http://www.posadis.org/security/pos_adv_006.txt</a>.</span><o:p></o:p></p>
</td>
</tr>
<tr style='mso-yfti-irow:12;height:13.5pt'>
<td width=983 colspan=2 style='width:737.25pt;background:#FFFFAF;padding:
6.0pt 6.0pt 6.0pt 6.0pt;height:13.5pt'>
<p class=MsoNormal tyle='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><a
name=sprint></a><u><span style='font-family:Verdana'>Sprint</span></u></span><o:p></o:p></p>
</td>
</tr>
<tr style='mso-yfti-irow:13;mso-yfti-lastrow:yes;height:78.85pt'>
<td width=29 style='width:22.1pt;background:#FFFFAF;padding:6.0pt 6.0pt 6.0pt 6.0pt;
height:78.85pt'>
<p class=MsoNormal><o:p> </o:p></p>
</td>
<td width=954 style='width:715.15pt;background:#FFFFAF;padding:6.0pt 6.0pt 6.0pt 6.0pt;
height:78.85pt'> <p class=MsoNormal><span class=SpellE><span style='font-family:Verdana'>Sprint products are not susceptible to this vulnerability.
<p class=MsoNormal><span class=SpellE><span style='font-family:Verdana'></span><o:p></o:p></p>
</td>
</tr>
<tr style='mso-yfti-irow:12;height:13.5pt'>
<td width=983 colspan=2 style='width:737.25pt;background:#FFFFBE;padding:
6.0pt 6.0pt 6.0pt 6.0pt;height:13.5pt'>
<p class=MsoNormal tyle='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><a
name=verisign></a><u><span style='font-family:Verdana'>VeriSign</span></u></span><o:p></o:p></p>
</td>
</tr>
<tr style='mso-yfti-irow:13;mso-yfti-lastrow:yes;height:78.85pt'>
<td width=29 style='width:22.1pt;background:#FFFFBE;padding:6.0pt 6.0pt 6.0pt 6.0pt;
height:78.85pt'>
<p class=MsoNormal><o:p> </o:p></p>
</td>
<td width=954 style='width:715.15pt;background:#FFFFBE;padding:6.0pt 6.0pt 6.0pt 6.0pt;
height:78.85pt'>
<p class=MsoNormal><span class=SpellE><span style='font-family:Verdana'>VeriSign</span></span><span
style='font-family:Verdana'> is pleased to notify NISCC that the
vulnerability in ATLAS identified by Roy <span class=SpellE>Arends</span> has
been corrected. New code addressing the issue was deployed in late January,
2004.</span><o:p></o:p></p>
</td>
</tr>
<tr style='mso-yfti-irow:12;height:13.5pt'>
<td width=983 colspan=2 style='width:737.25pt;background:#FFFFAF;padding:
6.0pt 6.0pt 6.0pt 6.0pt;height:13.5pt'>
<p class=MsoNormal tyle='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><a
name=windriver></a><u><span style='font-family:Verdana'>Wind River</span></u></span><o:p></o:p></p>
</td>
</tr>
<tr style='mso-yfti-irow:13;mso-yfti-lastrow:yes;height:78.85pt'>
<td width=29 style='width:22.1pt;background:#FFFFAF;padding:6.0pt 6.0pt 6.0pt 6.0pt;
height:78.85pt'>
<p class=MsoNormal><o:p> </o:p></p>
</td>
<td width=954 style='width:715.15pt;background:#FFFFAF;padding:6.0pt 6.0pt 6.0pt 6.0pt;
height:78.85pt'>
<p class=MsoNormal><span class=SpellE><span style='font-family:Verdana'>Wind River's response to Vulnerability Advisory 758884/NISCC/DNS:
<p>
Wind River does not ship a DNS server with its products and therefore we believe that we are not vulnerable to the attacks specified in this vulnerability report.
</span><o:p></o:p></p>
</td>
</tr>
</table>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;
text-align:justify'><span style='font-family:Verdana'><br>
<b>Acknowledgements</b><br>
<br>
NISCC wishes to thank the following:<O:P></O:P></span><o:p></o:p></p>
<table class=MsoNormalTable border=0 cellspacing=0 cellpadding=0 width="100%"
style='width:100.0%;border-collapse:collapse;mso-padding-alt:4.5pt 4.5pt 4.5pt 4.5pt'
id=AutoNumber3>
<tr style='mso-yfti-irow:0'>
<td width="3%" valign=top style='width:3.0%;padding:4.5pt 4.5pt 4.5pt 4.5pt'>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-family:Verdana'>• <O:P></O:P></span></p>
</td>
<td width="197%" style='width:197.0%;padding:4.5pt 4.5pt 4.5pt 4.5pt'>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-family:Verdana'>Roy <span class=SpellE>Arends</span> for his
contributions to this advisory.<o:p></o:p></span></p>
</td>
</tr>
<tr style='mso-yfti-irow:0'>
<td width="3%" valign=top style='width:3.0%;padding:4.5pt 4.5pt 4.5pt 4.5pt'>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-family:Verdana'>• <O:P></O:P></span></p>
</td>
<td width="197%" style='width:197.0%;padding:4.5pt 4.5pt 4.5pt 4.5pt'>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-family:Verdana'>Jakob Schlyter, who helped establish the initial list of
vulnerable implementations.<o:p></o:p></span></p>
</td>
</tr>
<tr style='mso-yfti-irow:2;mso-yfti-lastrow:yes'>
<td width="3%" valign=top style='width:3.0%;padding:4.5pt 4.5pt 4.5pt 4.5pt'>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-family:Verdana'>• <O:P></O:P></span></p>
</td>
<td width="197%" style='width:197.0%;padding:4.5pt 4.5pt 4.5pt 4.5pt'>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-family:Verdana'>JPCERT/CC for their assistance in co-ordinating
this disclosure in </span><ST1:COUNTRY-REGION><ST1:PLACE><st1:country-region><st1:place><span
style='font-family:Verdana'>Japan</span></ST1:PLACE></ST1:COUNTRY-REGION></st1:place></st1:country-region><span
style='font-family:Verdana'>.<O:P></O:P></span></p>
</td>
</tr>
</table>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-family:Verdana'><br>
<b>References</b> <O:P></O:P></span><o:p></o:p></p>
<table class=MsoNormalTable border=0 cellspacing=0 cellpadding=0 width="100%"
style='width:100.0%;border-collapse:collapse;mso-padding-alt:3.0pt 3.0pt 3.0pt 3.0pt'
id=AutoNumber7>
<tr style='mso-yfti-irow:0'>
<td width="2%" style='width:2.0%;padding:3.0pt 3.0pt 3.0pt 3.0pt'><span
style='font-size:12.0pt;font-family:"Times New Roman";mso-fareast-font-family:
"Times New Roman";mso-ansi-language:EN-GB;mso-fareast-language:EN-GB;
mso-bidi-language:AR-SA'><O:P></O:P></span>
<p class=MsoNormal><o:p> </o:p></p>
</td>
<td width="98%" colspan=3 style='width:98.0%;padding:3.0pt 3.0pt 3.0pt 3.0pt'>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><i><b><span
style='font-family:Verdana'>Related RFC</span></b></i></p>
</td>
</tr>
<O:P></O:P>
<tr style='mso-yfti-irow:1'>
<td width="2%" style='width:2.0%;padding:3.0pt 3.0pt 3.0pt 3.0pt'><span
style='font-size:12.0pt;font-family:"Times New Roman";mso-fareast-font-family:
"Times New Roman";mso-ansi-language:EN-GB;mso-fareast-language:EN-GB;
mso-bidi-language:AR-SA'><O:P></O:P></span>
<p class=MsoNormal><o:p> </o:p></p>
</td>
<td width="2%" style='width:2.0%;padding:3.0pt 3.0pt 3.0pt 3.0pt'><span
style='font-size:12.0pt;font-family:"Times New Roman";mso-fareast-font-family:
"Times New Roman";mso-ansi-language:EN-GB;mso-fareast-language:EN-GB;
mso-bidi-language:AR-SA'><O:P></O:P></span>
<p class=MsoNormal><o:p> </o:p></p>
</td>
<td width="96%" colspan=2 style='width:96.0%;padding:3.0pt 3.0pt 3.0pt 3.0pt'>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-family:Verdana'>RFC 1034<O:P></O:P></span></p>
</td>
</tr>
<tr style='mso-yfti-irow:2'>
<td width="2%" style='width:2.0%;padding:3.0pt 3.0pt 3.0pt 3.0pt'><span
style='font-size:12.0pt;font-family:"Times New Roman";mso-fareast-font-family:
"Times New Roman";mso-ansi-language:EN-GB;mso-fareast-language:EN-GB;
mso-bidi-language:AR-SA'><O:P></O:P></span>
<p class=MsoNormal><o:p> </o:p></p>
</td>
<td width="2%" style='width:2.0%;padding:3.0pt 3.0pt 3.0pt 3.0pt'><span
style='font-size:12.0pt;font-family:"Times New Roman";mso-fareast-font-family:
"Times New Roman";mso-ansi-language:EN-GB;mso-fareast-language:EN-GB;
mso-bidi-language:AR-SA'><O:P></O:P></span>
<p class=MsoNormal><o:p> </o:p></p>
</td>
<td width="2%" style='width:2.0%;padding:3.0pt 3.0pt 3.0pt 3.0pt'><span
style='font-size:12.0pt;font-family:"Times New Roman";mso-fareast-font-family:
"Times New Roman";mso-ansi-language:EN-GB;mso-fareast-language:EN-GB;
mso-bidi-language:AR-SA'><O:P></O:P></span>
<p class=MsoNormal><o:p> </o:p></p>
</td>
<td width="94%" style='width:94.0%;padding:3.0pt 3.0pt 3.0pt 3.0pt'>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-family:Verdana'><a href="http://www.faqs.org/rfcs/rfc1034.html">http://www.faqs.org/rfcs/rfc1034.html</a><O:P></O:P></span></p>
</td>
</tr>
<tr style='mso-yfti-irow:3'>
<td width="2%" style='width:2.0%;padding:3.0pt 3.0pt 3.0pt 3.0pt'><span
style='font-size:12.0pt;font-family:"Times New Roman";mso-fareast-font-family:
"Times New Roman";mso-ansi-language:EN-GB;mso-fareast-language:EN-GB;
mso-bidi-language:AR-SA'><O:P></O:P></span>
<p class=MsoNormal><o:p> </o:p></p>
</td>
<td width="2%" style='width:2.0%;padding:3.0pt 3.0pt 3.0pt 3.0pt'><span
style='font-size:12.0pt;font-family:"Times New Roman";mso-fareast-font-family:
"Times New Roman";mso-ansi-language:EN-GB;mso-fareast-language:EN-GB;
mso-bidi-language:AR-SA'><O:P></O:P></span>
<p class=MsoNormal><o:p> </o:p></p>
</td>
<td width="96%" colspan=2 style='width:96.0%;padding:3.0pt 3.0pt 3.0pt 3.0pt'>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-family:Verdana'>RFC 1035<O:P></O:P></span></p>
</td>
</tr>
<tr style='mso-yfti-irow:4;mso-yfti-lastrow:yes'>
<td width="2%" style='width:2.0%;padding:3.0pt 3.0pt 3.0pt 3.0pt'><span
style='font-size:12.0pt;font-family:"Times New Roman";mso-fareast-font-family:
"Times New Roman";mso-ansi-language:EN-GB;mso-fareast-language:EN-GB;
mso-bidi-language:AR-SA'><O:P></O:P></span>
<p class=MsoNormal><o:p> </o:p></p>
</td>
<td width="2%" style='width:2.0%;padding:3.0pt 3.0pt 3.0pt 3.0pt'><span
style='font-size:12.0pt;font-family:"Times New Roman";mso-fareast-font-family:
"Times New Roman";mso-ansi-language:EN-GB;mso-fareast-language:EN-GB;
mso-bidi-language:AR-SA'><O:P></O:P></span>
<p class=MsoNormal><o:p> </o:p></p>
</td>
<td width="2%" style='width:2.0%;padding:3.0pt 3.0pt 3.0pt 3.0pt'><span
style='font-size:12.0pt;font-family:"Times New Roman";mso-fareast-font-family:
"Times New Roman";mso-ansi-language:EN-GB;mso-fareast-language:EN-GB;
mso-bidi-language:AR-SA'><O:P></O:P></span>
<p class=MsoNormal><o:p> </o:p></p>
</td>
<td width="94%" style='width:94.0%;padding:3.0pt 3.0pt 3.0pt 3.0pt'>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-family:Verdana'><a href="http://www.faqs.org/rfcs/rfc1035.html">http://www.faqs.org/rfcs/rfc1035.html</a><O:P></O:P></span></p>
</td>
</tr>
<tr style='mso-yfti-irow:0'>
<td width="2%" style='width:2.0%;padding:3.0pt 3.0pt 3.0pt 3.0pt'><span
style='font-size:12.0pt;font-family:"Times New Roman";mso-fareast-font-family:
"Times New Roman";mso-ansi-language:EN-GB;mso-fareast-language:EN-GB;
mso-bidi-language:AR-SA'><O:P></O:P></span>
<p class=MsoNormal><o:p> </o:p></p>
</td>
<td width="98%" colspan=3 style='width:98.0%;padding:3.0pt 3.0pt 3.0pt 3.0pt'>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><i><b><span
style='font-family:Verdana'>Related Advisories</span></b></i></p>
</td>
</tr>
<O:P></O:P>
<tr style='mso-yfti-irow:1'>
<td width="2%" style='width:2.0%;padding:3.0pt 3.0pt 3.0pt 3.0pt'><span
style='font-size:12.0pt;font-family:"Times New Roman";mso-fareast-font-family:
"Times New Roman";mso-ansi-language:EN-GB;mso-fareast-language:EN-GB;
mso-bidi-language:AR-SA'><O:P></O:P></span>
<p class=MsoNormal><o:p> </o:p></p>
</td>
<td width="2%" style='width:2.0%;padding:3.0pt 3.0pt 3.0pt 3.0pt'><span
style='font-size:12.0pt;font-family:"Times New Roman";mso-fareast-font-family:
"Times New Roman";mso-ansi-language:EN-GB;mso-fareast-language:EN-GB;
mso-bidi-language:AR-SA'><O:P></O:P></span>
<p class=MsoNormal><o:p> </o:p></p>
</td>
<td width="96%" colspan=2 style='width:96.0%;padding:3.0pt 3.0pt 3.0pt 3.0pt'>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-family:Verdana'>CERT/CC<O:P></O:P></span></p>
</td>
</tr>
<tr style='mso-yfti-irow:2'>
<td width="2%" style='width:2.0%;padding:3.0pt 3.0pt 3.0pt 3.0pt'><span
style='font-size:12.0pt;font-family:"Times New Roman";mso-fareast-font-family:
"Times New Roman";mso-ansi-language:EN-GB;mso-fareast-language:EN-GB;
mso-bidi-language:AR-SA'><O:P></O:P></span>
<p class=MsoNormal><o:p> </o:p></p>
</td>
<td width="2%" style='width:2.0%;padding:3.0pt 3.0pt 3.0pt 3.0pt'><span
style='font-size:12.0pt;font-family:"Times New Roman";mso-fareast-font-family:
"Times New Roman";mso-ansi-language:EN-GB;mso-fareast-language:EN-GB;
mso-bidi-language:AR-SA'><O:P></O:P></span>
<p class=MsoNormal><o:p> </o:p></p>
</td>
<td width="2%" style='width:2.0%;padding:3.0pt 3.0pt 3.0pt 3.0pt'><span
style='font-size:12.0pt;font-family:"Times New Roman";mso-fareast-font-family:
"Times New Roman";mso-ansi-language:EN-GB;mso-fareast-language:EN-GB;
mso-bidi-language:AR-SA'><O:P></O:P></span>
<p class=MsoNormal><o:p> </o:p></p>
</td>
<td width="94%" style='width:94.0%;padding:3.0pt 3.0pt 3.0pt 3.0pt'>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-family:Verdana'><a href="http://www.kb.cert.org/vuls/id/887766">http://www.kb.cert.org/vuls/id/887766</a><O:P></O:P></span></p>
</td>
</tr>
<tr style='mso-yfti-irow:3'>
<td width="2%" style='width:2.0%;padding:3.0pt 3.0pt 3.0pt 3.0pt'><span
style='font-size:12.0pt;font-family:"Times New Roman";mso-fareast-font-family:
"Times New Roman";mso-ansi-language:EN-GB;mso-fareast-language:EN-GB;
mso-bidi-language:AR-SA'><O:P></O:P></span>
<p class=MsoNormal><o:p> </o:p></p>
</td>
<td width="2%" style='width:2.0%;padding:3.0pt 3.0pt 3.0pt 3.0pt'><span
style='font-size:12.0pt;font-family:"Times New Roman";mso-fareast-font-family:
"Times New Roman";mso-ansi-language:EN-GB;mso-fareast-language:EN-GB;
mso-bidi-language:AR-SA'><O:P></O:P></span>
<p class=MsoNormal><o:p> </o:p></p>
</td>
<td width="96%" colspan=2 style='width:96.0%;padding:3.0pt 3.0pt 3.0pt 3.0pt'>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-family:Verdana'>JPCERT/CC<O:P></O:P></span></p>
</td>
</tr>
<tr style='mso-yfti-irow:4;mso-yfti-lastrow:yes'>
<td width="2%" style='width:2.0%;padding:3.0pt 3.0pt 3.0pt 3.0pt'><span
style='font-size:12.0pt;font-family:"Times New Roman";mso-fareast-font-family:
"Times New Roman";mso-ansi-language:EN-GB;mso-fareast-language:EN-GB;
mso-bidi-language:AR-SA'><O:P></O:P></span>
<p class=MsoNormal><o:p> </o:p></p>
</td>
<td width="2%" style='width:2.0%;padding:3.0pt 3.0pt 3.0pt 3.0pt'><span
style='font-size:12.0pt;font-family:"Times New Roman";mso-fareast-font-family:
"Times New Roman";mso-ansi-language:EN-GB;mso-fareast-language:EN-GB;
mso-bidi-language:AR-SA'><O:P></O:P></span>
<p class=MsoNormal><o:p> </o:p></p>
</td>
<td width="2%" style='width:2.0%;padding:3.0pt 3.0pt 3.0pt 3.0pt'><span
style='font-size:12.0pt;font-family:"Times New Roman";mso-fareast-font-family:
"Times New Roman";mso-ansi-language:EN-GB;mso-fareast-language:EN-GB;
mso-bidi-language:AR-SA'><O:P></O:P></span>
<p class=MsoNormal><o:p> </o:p></p>
</td>
<td width="94%" style='width:94.0%;padding:3.0pt 3.0pt 3.0pt 3.0pt'>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-family:Verdana'><a href="http://jvn.jp/niscc/NISCC-758884.html">http://jvn.jp/niscc/NISCC-758884.html</a><O:P></O:P></span></p>
</td>
</tr>
</table>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-family:Verdana'><br>
<b>Contact Information<O:P></O:P></b></span></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;
text-align:justify'><span style='font-family:Verdana'>The NISCC Vulnerability
Management Team can be contacted as follows: <O:P></O:P></span></p>
<table class=MsoNormalTable border=1 cellspacing=3 cellpadding=0 width="87%"
style='width:87.0%;mso-cellspacing:2.2pt;mso-padding-alt:3.75pt 3.75pt 3.75pt 3.75pt'>
<tr style='mso-yfti-irow:0'>
<td width="30%" valign=top style='width:30.0%;padding:3.75pt 3.75pt 3.75pt 3.75pt'>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-family:Verdana'>Email<O:P></O:P></span></p>
</td>
<td width="70%" style='width:70.0%;padding:3.75pt 3.75pt 3.75pt 3.75pt'>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-family:Verdana'><a href="mailto:vulteam@niscc.gov.uk">vulteam@niscc.gov.uk</a>
<br>
<i>(Please quote the advisory reference in the subject line.)</i><O:P></O:P></span></p>
</td>
</tr>
<tr style='mso-yfti-irow:1'>
<td width="30%" valign=top style='width:30.0%;padding:3.75pt 3.75pt 3.75pt 3.75pt'>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-family:Verdana'>Telephone<O:P></O:P></span></p>
</td>
<td width="70%" style='width:70.0%;padding:3.75pt 3.75pt 3.75pt 3.75pt'>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-family:Verdana'>+44 (0)870 487 0748 Extension 4511 <br>
<i>(Monday to Friday </i></span><ST1:TIME Hour="8" Minute="30"><st1:time
Minute="30" Hour="8"><i><span style='font-family:Verdana'>08:30 - 17:00</span></i></ST1:TIME></st1:time><i><span
style='font-family:Verdana'>)</span></i></p>
</td>
</tr>
<O:P></O:P>
<tr style='mso-yfti-irow:2'>
<td width="30%" valign=top style='width:30.0%;padding:3.75pt 3.75pt 3.75pt 3.75pt'>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-family:Verdana'>Fax<O:P></O:P></span></p>
</td>
<td width="70%" style='width:70.0%;padding:3.75pt 3.75pt 3.75pt 3.75pt'>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-family:Verdana'>+44 (0)870 487 0749</span></p>
</td>
</tr>
<O:P></O:P>
<tr style='mso-yfti-irow:3;mso-yfti-lastrow:yes'>
<td width="30%" valign=top style='width:30.0%;padding:3.75pt 3.75pt 3.75pt 3.75pt'>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-family:Verdana'>Post<O:P></O:P></span></p>
</td>
<td width="70%" style='width:70.0%;padding:3.75pt 3.75pt 3.75pt 3.75pt'>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-family:Verdana'>Vulnerability Management Team<br>
NISCC<br>
</span><st1:address><st1:Street><span style='font-family:Verdana'><ST1:ADDRESS><ST1:STREET>PO
Box 832</span></ST1:STREET></st1:Street><span style='font-family:Verdana'><br>
</span><st1:City><span style='font-family:Verdana'><ST1:CITY>London</span></ST1:CITY></st1:City><span
style='font-family:Verdana'><br>
</span><st1:PostalCode><span style='font-family:Verdana'><ST1:POSTALCODE>SW1P
1BG</span></ST1:POSTALCODE></ST1:ADDRESS></st1:PostalCode></st1:address><o:p></o:p></p>
</td>
</tr>
<O:P></O:P>
</table>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;
text-align:justify'><span style='font-family:Verdana'>We encourage those who
wish to communicate via email to make use of our PGP key. This is available
from <a href="http://www.uniras.gov.uk/UNIRAS.asc">http://www.uniras.gov.uk/UNIRAS.asc</a>.<O:P></O:P></span></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;
text-align:justify'><span style='font-family:Verdana'>Please note that </span><ST1:COUNTRY-REGION><ST1:PLACE><st1:country-region><st1:place><span
style='font-family:Verdana'>UK</span></ST1:PLACE></ST1:COUNTRY-REGION></st1:place></st1:country-region><span
style='font-family:Verdana'> government protectively marked material should not
be sent to the email address above.<O:P></O:P></span></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;
text-align:justify'><span style='font-family:Verdana'>If you wish to be added
to our email distribution list, please email your request to <a
href="mailto:uniras@niscc.gov.uk">uniras@niscc.gov.uk</a>.<O:P></O:P></span></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;
text-align:justify'><span style='font-family:Verdana'><br>
<b>What is NISCC?<O:P></O:P></b></span></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;
text-align:justify'><span style='font-family:Verdana'>For further information
regarding the UK National Infrastructure Security Co-Ordination Centre, please
visit the NISCC web site at: <a
href="http://www.niscc.gov.uk/aboutniscc/index.htm">http://www.niscc.gov.uk/aboutniscc/index.htm</a><O:P></O:P></span></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;
text-align:justify'><span style='font-family:Verdana'>
Reference to any specific commercial product, process or service by trade name,
trademark manufacturer or otherwise, does not constitute or imply its
endorsement, recommendation, or favouring by NISCC. The views and opinions of
authors expressed within this notice shall not be used for advertising or
product endorsement purposes.<O:P></O:P></span></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;
text-align:justify'><span style='font-family:Verdana'>
Neither shall NISCC accept responsibility for any errors or omissions contained
within this advisory. In particular, they shall not be liable for any loss or
damage whatsoever, arising from or in connection with the usage of information
contained within this notice.<O:P></O:P></span></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;
text-align:justify'><span style='font-family:Verdana'>
© 2004 Crown Copyright<O:P></O:P></span></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-family:Verdana'><br>
<b style='mso-bidi-font-weight:normal'>Revision History<O:P></O:P></b></span></p>
<table class=MsoNormalTable border=0 cellpadding=0 width="100%"
style='width:100.0%;mso-cellspacing:1.5pt;mso-padding-alt:0cm 5.4pt 0cm 5.4pt'>
<tr style='mso-yfti-irow:0;mso-yfti-lastrow:yes'>
<td width="23%" style='width:23.0%;padding:.75pt .75pt .75pt .75pt'>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><ST1:DATE Month="9" Day="15" Year="2004"><st1:date
Year="2004" Day="9" Month="11"><span style='font-size:10.0pt;font-family:
Verdana'>9 November 2004</span></ST1:DATE></st1:date><span style='font-size:
10.0pt;font-family:Verdana'>: </span></p>
</td>
<O:P></O:P>
<td width="77%" style='width:77.0%;padding:.75pt .75pt .75pt .75pt'>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:10.0pt;font-family:Verdana'>Initial release (1.0)</span></p>
</td>
</tr>
<O:P></O:P>
</table>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-family:Verdana'>
<End of NISCC Vulnerability Advisory><O:P></O:P></span></p>
</div>
</div>
</div>
</body>
</html>
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed