Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
HP-UX Update for BIND v920 HPSBUX00290
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
Check for the Version of BIND v920
Insight
Insight
1. Certain ASN.1 encodings that are rejected as invalidby the parser can trigger a bug in the deallocationof the corresponding data structure, corrupting thestack. This can be used as a denial of serviceattack. It is currently unknown whether this can beexploited to run malicious code. This issue does notaffect OpenSSL 0.9.6.<br2. Unusual ASN.1 tag values can cause an out of boundsread under certain circumstances, resulting in adenial of service vulnerability.<br3. A malformed public key in a certificate will crashthe verify code if it is set to ignore public keydecoding errors. Exploitation of an affectedapplication would result in a denial of servicevulnerability.<br4. Due to an error in the SSL/TLS protocol handling,a server will parse a client certificate when one isnot specifically requested.
Affected Software
Affected Software
BIND v920 on HP-UX B.11.00, B.11.11, B.11.22, and B.11.23, running BINDv920.
Solution
Solution
Please Install the Updated Packages.