-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c03388901 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03388901 Version: 2 HPSBUX02795 SSRT100878 rev.2 - HP-UX Running BIND, Remote Denial of Service (DoS) NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2012-07-02 Last Updated: 2012-07-25 Potential Security Impact: Remote Denial of Service (DoS) Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY A potential security vulnerability has been identified with HP-UX running BIND. This vulnerability could be exploited remotely to create a Denial of Service (DoS). References: CVE-2012-1667 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.31 running BIND 9.3 prior to C.9.3.2.13.0 HP-UX B.11.11 and B.11.23 running BIND 9.3 prior to C.9.3.2.11.0 BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2012-1667 (AV:N/AC:L/Au:N/C:P/I:N/A:C) 8.5 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has provided updated versions of the BIND service to resolve this vulnerability. These upgrades are available from the following location http://software.hp.com BIND 9.3.2 for HP-UX Release Depot Name B.11.11 (PA and IA) HP-UX_11.11_DNSUPGRADE_C.9.3.2.11.0_HP-UX_B.11.11_32_64.depot B.11.23 (PA and IA) HP-UX_11.23_DNSUPGRADE_C.9.3.2.11.0_HP-UX_B.11.23_IA_PA.depot B.11.31 (PA and IA) HP-UX_11.31_HPUX-NameServer_C.9.3.2.13.0_HP-UX_B.11.31_IA_PA.depot MANUAL ACTIONS: Yes - Update Download and install the software update PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa The following text is for use by the HP-UX Software Assistant. AFFECTED VERSIONS For BIND 9.3 HP-UX B.11.11 ================== BindUpgrade.BIND-UPGRADE action: install revision C.9.3.2.11.0 or subsequent HP-UX B.11.23 ================== BindUpgrade.BIND-UPGRADE BindUpgrade.BIND2-UPGRADE action: install revision C.9.3.2.11.0 or subsequent HP-UX B.11.31 ================== NameService.BIND-AUX NameService.BIND-RUN action: install revision C.9.3.2.13.0 or subsequent END AFFECTED VERSIONS HISTORY Version:1 (rev.1) - 2 July 2012 Initial release Version:2 (rev.2) - 25 July 2012 General Release update available Support: For further information, contact normal HP Services support channel. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAlAQMX8ACgkQ4B86/C0qfVmgJACg+ZzKdJbS7SZ3K3gcJX7d9gvJ yHgAnRWvYZGSwFoc16MB+vHePZg7onWd =Hyak -----END PGP SIGNATURE-----