Security Intelligence Operations

Multiple Vendor DNS Implementations Insufficient Entropy Vulnerability

Vulnerability Alert	Powered by

Threat Type:

Intercept/Monitoring/Traffic Analysis: Corruption

IntelliShield ID:	16183
Version:	30
First Published:	July 08, 2008 04:15 PM EDT
Last Published:	February 03, 2009 01:04 PM EST
Vector:	Network
Authentication:	None
Exploit:	Functional
Port:	Not Available
CVE:	CVE-2008-1447
BugTraq ID:	30131

Urgency:	Possible Use
Credibility:	Confirmed
Severity:	Mild Damage
CVSS Base:	6.4	CVSS Calculator CVSS Version 2
CVSS Temporal:	5.3	CVSS Calculator CVSS Version 2


Version Summary:	HP has released a security bulletin and updates to address the DNS implementation insufficient entropy vulnerability.

Description

DNS implementations of multiple vendors contain a vulnerability that could allow an unauthenticated, remote attacker to conduct DNS cache poisoning attacks.

The vulnerability is due to the use of insufficient entropy when creating DNS transaction identifiers. An unauthenticated, remote attacker could exploit the vulnerability by sending a number of spoofed DNS replies to an affected system. A successful exploit could allow the attacker to poison the local DNS cache of the system. This cache poisoning could allow the attacker to conduct further attacks against hosts that rely on the affected system to perform DNS queries or against the affected system itself.

Exploit code that allows the insertion of malicious DNS records to poison the cache of the targeted DNS server and complete domain hijacking through the modification of start of authority (SOA) records is available.

Multiple vendors have confirmed the vulnerability and released updated software.

Warning Indicators

Multiple vendor products that support DNS services are affected. Individual vendor advisories detail specific affected products.

IntelliShield Analysis

To exploit the vulnerability, an attacker must monitor DNS requests to the affected system. There are several methods by which an attacker can monitor these requests. However, the most likely vector may take the form of a website that is specifically designed for monitoring. If an attacker can convince a user to visit an attacker-controlled site, the attacker could force the user's machine to make numerous requests to an attacker-controlled DNS server. An affected DNS server sends the TXID of the transaction in the initial DNS Query message. This behavior allows the attacker to determine the current value of the entropy pool that the server is using. By forcing the server to send a number of requests, the attacker may gain enough information to extrapolate the range of TXIDs that may be used in the immediate future. The attacker could then use the predicted values to construct seemingly valid malicious responses that may be accepted and processed by the DNS server, entering spoofed DNS entries and poisoning the local DNS cache.

After the attacker causes spoofed DNS entries, the attacker could then cause client requests to be redirected to a malicious site. If the attacker can replace popular DNS names, the attacker could redirect clients to malicious websites or other services, possibly in an attempt to install malicious software or conduct other attacks against affected systems.

Note that this is not a new issue to DNS servers. The ability to spoof DNS transaction IDs has been known and guarded against in many ways over the years. However, it would appear that recently released independent research has identified a reliable and effective method of predicting transaction IDs and source port numbers, forcing vendors to fundamentally rethink the method that is used to generate such identifiers.

Event data from Cisco Remote Management Services indicates a significant increase in activity on signature 4004/0. The data was captured on August 12, 2008. This activity can be triggered by normal network traffic. The signature is also known to be triggered by DNS requests for MX records. These requests may not be malicious, but they could be related to spam. This increase in traffic was expected after technical details were released in a presentation at the Black Hat security conference on August 6, 2008.

Technical details were withheld by vendors and the vulnerability researcher to allow for timely response to correct this vulnerability. However, significant but incomplete details regarding the vulnerability were posted publicly by other parties. This led to the release of functional exploit code prior to the Black Hat presentation where the information was expected to be provided.

Functional exploit code that allows the insertion of malicious DNS records to poison the cache of the targeted DNS server has been publicly released. This exploit caches a single malicious host entry into the DNS server. A successful exploit in this manner allows the attacker to spoof DNS entries, causing the target DNS server to insert the additional malicious record into the cache. Additional exploit code that allows for complete domain hijacking through the modification of SOA records is also available. Multiple exploit tools are publicly available, increasing the risks associated with not patching affected products.

Vendor Announcements

Cisco has re-released a security advisory to address Cisco bug IDs CSCso81854, CSCsq01298, and CSCsq21930 at the following link: cisco-sa-20080708-dns

ISC has released a security advisory at the following link: CERT VU#800113 DNS Cache Poisoning Issue

Microsoft has released a security advisory at the following link: 956187

Microsoft has re-released a security bulletin at the following link: MS08-037

Ruby has released a security advisory available at the following link: Multiple vulnerabilities in Ruby

Alcatel-Lucent has released a security advisory at the following link: Multiple DNS implementations vulnerable to cache poisoning

Apple has released security updates at the following links: Apple Security Update 2008-005 and Security Update 2008-006

Astaro has released a security bugfix report at the following link: Up2Date 7.202 released

Avaya has released a security advisory at the following link: ASA-2008-288

Blue Coat Systems has released a security advisory at the following link: DNS Cache Poisoning Vulnerability (CERT VU#800113)

Citrix has re-released a security advisory at the following link: CTX117991

Debian has released security advisories at the following links:

DSA-1603-1
DSA-1604-1
DSA-1605-1
DSA-1617-1

F5 has released a security advisory for registered users at the following link: sol8938

FreeBSD has released a security advisory at the following direct-download link: FreeBSD-SA-08:06

Gentoo has released security advisories at the following links: GLSA 200807-08 and GLSA 200812-17

HP has released security bulletins at the following links: HPSBUX02351, HPSBOV02357, HPSBTU02358, HPSBMP02404, and HPSBNS02405

IBM has released a security advisory at the following link: 4526

Ingate has provided release notes at the following link: Release notice for Ingate Firewall 4.6.4 and Ingate SIParator 4.6.4

Juniper has released a security advisory for registered users at the following link: PSN-2008-06-040

Mandriva has released a security advisory at the following link: MDVSA-2008:139

NetBSD has released a security advisory at the following FTP link: NetBSD-SA2008-009

Nominum has released a security advisory at the following link: NOM-20080708

Novell has released a security announcement and a technical document at the following links: SUSE-SA:2008:033 and 7000912

OpenBSD has released security announcements at the following links: 013: SECURITY FIX: July 23, 2008 and 004: SECURITY FIX: July 23, 2008

Red Hat has re-released a security advisory at the following link: RHSA-2008:0533

Secure Computing has released a statement at the following link: Secure Computing

Slackware has released security advisories at the following links: SSA:2008-191-02, SSA:2008-205-01, and SSA:2008-334-01

Sun has re-released an alert notification at the following link: 240048

Turbolinux has released a security advisory at the following link: TLSA-2008-26

Ubuntu has released a security notice at the following link: USN-622-1

VMware has re-released a security advisory at the following link: VMSA-2008-0014.3

US-CERT has released a vulnerability note at the following link: VU#800113

Impact

An unauthenticated, remote attacker could exploit the vulnerability to conduct DNS cache poisoning attacks. Such an attack may result in the modification of stored DNS entries, possibly allowing the attacker to conduct further attacks against systems that rely on the affected DNS server.

Technical Information

The vulnerability is due to the use of insufficient entropy when creating DNS transaction identifiers, known as TXIDs. Various vendor DNS implementations follow the DNS specification defined in RFC 1035, which specifies that the transaction ID should be an unsigned, 16-bit number. This number limits the total number of possible IDs to 65,535. As a result, sufficient entropy cannot be introduced to ensure that the TXID of a transaction cannot be guessed by an external entity that is not participating in the DNS transaction. As a result, systems cannot ensure that an entity external to a series of DNS transactions could not guess the TXID.

The vulnerability can be exploited by an unauthenticated, remote attacker by sending a number of spoofed DNS reply requests that contain a forged transaction ID. An exploit could allow the attacker to cause an affected system to enter spurious DNS entries into the local DNS cache. This type of attack is referred to as DNS cache poisoning. Such entries would remain in the affected system's cache until the administrative Time to Live (TTL) has been reached. The attacker could then use the corrupted cache to conduct additional attacks against hosts that use the DNS service that resides on the affected system or against the system itself.

Safeguards

Administrators are advised to apply the appropriate software updates.

Administrators may consider configuring the TTL of DNS caches to a relatively short value.

Administrators may consider disabling DNS caching until updated software can be applied.

Users are advised not to follow unsolicited links. Users should verify the authenticity of unexpected links prior to following them.

Users are advised not to visit untrusted websites or links.

Users are advised to pay particular attention to SSL certificate warnings that may appear unexpectedly.

Additional information about DNS, best practices, network protections, and attack identification for DNS is available in the following Cisco Applied Intelligence white paper: DNS Best Practices, Network Protections, and Attack Identification

Patches/Software

Cisco customers with active contracts can obtain updates through the Software Center at the following link: Cisco. Cisco customers without contracts can obtain upgrades by contacting the Cisco Technical Assistance Center at 1-800-553-2447 or 1-408-526-7209 or via e-mail at tac@cisco.com.

ISC has released information regarding obtaining updated software at the following link: ISC

Microsoft has released software updates at the following links:

Ruby has released updated software available at the following ftp links:

Ruby 1.8.6-p287
Ruby 1.8.7-p72
Ruby 1.9 use Subversion for the latest version

Alcatel-Lucent has released patches for registered users at the following link: document 08-0555,08-0562, 08-0565

Apple has released updates at the following links:

Mac OS X and Mac OS X Server 10.4.11
Security Update 2008-006 Server (PPC)
Security Update 2008-006 Server (Intel)
Security Update 2008-006 (PPC)
Security Update 2008-006 (Intel)

Mac OS X and Mac OS X Server 10.5.4
Mac OS X 10.5.5 Update

Astaro has released updates at the following link: Up2Date 7.202

Citrix has released updated firmware at the following links:

NetScaler 8.0 (build 57.3)
NetScaler 8.1 (build 58.5)
Access Gateway Enterprise Edition 8.0 (build 57.3)
Access Gateway Enterprise Edition 8.1 (build 58.5)

Debian has released updated packages at the following links:

Debian (bind9)
Debian (BIND 8)
Debian (libc stub resolver)
Debian (refpolicy)

FreeBSD has released patches at the following HTTP links: bind63.patch and bind7.patch

Gentoo administrators can use the emerge command to obtain updates for the following packages:

net-dns/bind
dev-lang/ruby

HP has released updated software at the following links:

BIND 8.1.2

HP-UX B.11.11 - upgrade to BIND 9.2.0 or BIND 9.3.2 and apply the updates

BIND 9.3.2

HP-UX B.11.11 - install revision C.9.3.2.3.0 or subsequent
HP-UX B.11.23 - install revision C.9.3.2.3.0 or subsequent
HP-UX B.11.31 - install revision C.9.3.2.3.0 or subsequent

BIND 9.2.0

HP-UX B.11.11 - install revision B.11.11.01.011 or subsequent
HP-UX B.11.23 - install patch PHNE_37865 or subsequent

BIND 9.2.8

HP Alpha BIND Server Patch for TCP/IP Services

OpenVMS versions 5.4, 5.5, and 5.6

HP Integrity BIND Server Patch for TCP/IP Services

OpenVMS versions 5.5 and 5.6

Registered users can obtain updated versions at the following links: T0685G06^AAC and T0685^AAD

IBM has released e-fixes for Bind 8 and 9 at the following links:

AIX 5.2.0 TL10 IZ42034_10.090126.epkg.Z
AIX 5.3.0 TL6 IZ42035_06.090126.epkg.Z
AIX 5.3.7 IZ40776_07.090126.epkg.Z
AIX 5.3.8 IZ42037_08.090126.epkg.Z
AIX 5.3.9 IZ42064_09.090126.epkg.Z
AIX 6.1.0 IZ42066_00.090126.epkg.Z
AIX 6.1.1 IZ42123_01.090126.epkg.Z
AIX 6.1.2 IZ42126_02.090126.epkg.Z

Ingate has released upgrades at the following link: Ingate Firewall 4.6.4 and Ingate SIParator 4.6.4

Mandriva products can be updated automatically using MandrivaUpdate.

NetBSD has released information on obtaining source code patches at the following FTP link: NetBSD

Nominum customers can contact their support representatives to obtain update information.

Novell has released updated packages; users can install the updates using YaST.

OpenBSD has released source code patches at the following FTP links: OpenBSD 4.2 and OpenBSD 4.3

Red Hat packages can be updated using the up2date or yum command.

Slackware packages can be updated using the upgradepkg command.

Sun has released patches at the following links:

SPARC
Solaris 8 with patch 109326-23 or later
Solaris 9 with patch 112837-16 or later
Solaris 10 with patch 119783-08 or later

Intel
Solaris 8 with patch 109327-23 or later
Solaris 9 with patch 114265-15 or later
Solaris 10 with patch 119784-08 or later

Turbolinux packages can be updated using the turbopkg command.

Ubuntu has released updated packages; users can install the updates using Update Manager.

VMware has released patches at the following links:

ESX Server 3.5
ESX350-200808409-SG

ESX Server 3.0.3
ESX303-200808406-SG

ESX Server 3.0.2
ESX-1006356

ESX Server 3.0.1
ESX-1005117

ESX Server 2.5.5
Patch 10

ESX Server 2.5.4
Patch 21

Signatures

Cisco Systems Cisco Intrusion Prevention System (IPS) 6.0
4004/0	DNS Flood Attack	S347	07/28/2008

Alert History

Version 29, January 29, 2009, 4:47 PM: HP has released a security bulletin to address the DNS implementation insufficient entropy vulnerability.

Version 28, January 27, 2009, 8:34 AM: IBM has released a security advisory and e-fixes to address the DNS implementation insufficient entropy vulnerability.

Version 27, December 17, 2008, 8:48 AM: Gentoo has released a security advisory and updated Ruby packages to address the DNS implementation insufficient entropy vulnerability.

Version 26, December 1, 2008, 10:51 AM: Slackware has released a security advisory and updated packages for Ruby to address the DNS implementation insufficient entropy vulnerability.

Version 25, September 22, 2008, 9:32 AM: VMware has re-released a security advisory with patches for ESX Server to address the multiple vendor DNS implementations insufficient entropy vulnerability.

Version 24, September 16, 2008, 10:43 AM: Apple has released a security update and updated packages to address the multiple vendor DNS implementations insufficient entropy vulnerability. Ingate has also released a security advisory and upgrades.

Version 23, September 4, 2008, 2:16 PM: VMware has released a security advisory and patches to address the multiple vendor DNS implementations insufficient entropy vulnerability.

Version 22, August 19, 2008, 7:10 PM: Alcatel-Lucent has released a security advisory and updated patches to address the multiple vendor DNS implementations insufficient entropy vulnerability.

Version 21, August 14, 2008, 5:59 PM: HP has released two security bulletins and updated software to address the multiple vendor DNS implementations insufficient entropy vulnerability.

Version 20, August 13, 2008, 6:00 PM: The DNS implementations insufficient entropy vulnerability alert is being updated to detail activity detected on an intrusion prevention system signature that is related to this vulnerability.

Version 19, August 13, 2008, 8:05 AM: Ruby has released a security advisory and updated software to address the DNS implementations insufficient entropy vulnerability.

Version 18, August 11, 2008, 3:18 PM: Sun has re-released an alert notification with patch information to address the DNS implementations insufficient entropy vulnerability. IBM has released APARs to address this vulnerability in BIND.

Version 17, August 7, 2008, 4:55 PM: HP has re-released a security bulletin with updated patch information to address the DNS implementations insufficient entropy vulnerability in BIND.

Version 16, August 6, 2008, 9:44 AM: Astaro has released a security bugfix and updates to address the DNS implementations insufficient entropy vulnerability in BIND. Citrix has also re-released a security advisory with updated firmware.

Version 15, August 1, 2008, 5:06 PM: Apple has released a security update and updated software to address the DNS implementations insufficient entropy vulnerability in BIND. IBM has released Efixes.

Version 14, July 31, 2008, 4:25 PM: Debian has released a security advisory and updated packages for dnsmasq to address the DNS implementations insufficient entropy vulnerability.

Version 13, July 29, 2008, 6:52 PM: Cisco has re-released a security advisory addressing the DNS implementations insufficient entropy vulnerability.

Version 12, July 28, 2008, 6:22 PM: Debian has released a security advisory and updated packages to address known installation issues when patching the DNS implementations insufficient entropy vulnerability in python-dns. Sun has re-released an alert with Interim Security Reliefs. Novell has released updated packages.

Version 11, July 25, 2008, 3:07 PM: Microsoft has released a security advisory and re-released a security bulletin to address known installation issues when patching the DNS implementations insufficient entropy vulnerability. NetBSD and Secure Computing have released security advisories and update information for this vulnerability.

Version 10, July 25, 2008, 12:48 PM: Exploit code that allows for complete domain hijacking through the modification of SOA records is publicly available. Citrix, Debian, and Slackware have also released security advisories and updates to address this vulnerability.

Version 9, July 23, 2008, 9:24 PM: Exploit code that allows the insertion of malicious DNS records to poison the cache of a targeted DNS server has been publicly released. OpenBSD has also released security announcements and patches to address the DNS implementations insufficient entropy vulnerability in BIND.

Version 8, July 22, 2008, 1:21 PM: Reports indicate technical details sufficient to exploit this vulnerability have been released publicly. Blue Coat Systems has released a security advisory and updated packages to address the DNS implementations insufficient entropy vulnerability in BIND.

Version 7, July 21, 2008, 2:00 PM: F5 Networks, HP, and Turbolinux have released security advisories and updated packages to address the DNS implementations insufficient entropy vulnerability in BIND.

Version 6, July 17, 2008, 5:28 PM: This alert is being updated to detail activity being detected on an intrusion prevention system signature that is related to this vulnerability.

Version 5, July, 14, 2008, 3:15 PM: Multiple vendors have released security advisories and updated packages to address the DNS implementations insufficient entropy vulnerability in BIND.

Version 4, July 11, 2008, 6:53 PM: This alert is being updated to detail activity being detected on an intrusion prevention system signature that is related to this vulnerability.

Version 3, July 10, 2008, 3:51 PM: Mandriva and Slackware have released security advisories and updated packages to address the DNS implementations insufficient entropy vulnerability in BIND. Red Hat re-released an advisory with updated packages. Juniper has released an advisory.

Version 2, July 9, 2008, 7:57 AM: Ubuntu has released a security notice and updated packages to address the DNS implementations insufficient entropy vulnerability in BIND. Avaya has also released a security advisory.

Version 1, July 8, 2008, 4:15 PM: DNS implementations of multiple vendors contain a vulnerability that could allow an unauthenticated, remote attacker to conduct DNS cache poisoning attacks. Updates are available.

Product Sets

The security vulnerability applies to the following combinations of products.

Primary Products:
Cisco	Application and Content Networking Software (ACNS)	4.0 Base \| 4.0.3 Base \| 4.1 Base \| 4.1.1 Base \| 4.1.3 Base \| 4.2 Base \| 4.2.11 Base \| 4.2.13 Base \| 4.2.3 Base \| 4.2.5 Base \| 4.2.7 Base \| 4.2.9 Base \| 5.0 Base \| 5.0.1 Base \| 5.0.11 Base \| 5.0.13 Base \| 5.0.15 Base \| 5.0.17 Base \| 5.0.3 Base \| 5.0.5 Base \| 5.0.7 Base \| 5.0.9 Base \| 5.1 Base \| 5.1.11 Base \| 5.1.13 Base \| 5.1.3 Base \| 5.1.5 Base \| 5.1.7 Base \| 5.1.9 Base \| 5.2 Base \| 5.2.3 Base \| 5.2.5 Base \| 5.3 Base \| 5.3.1 Base \| 5.4 Base \| 5.5 Base
Cisco	Cisco CNS Network Registrar	6.1 .1, .1.1, .1.2, .1.3, .1.4, .4, .4.1, .4.2, .6, Base \| 6.3 .1, Base \| 7.0 Base
Cisco	Cisco Global Site Selector (GSS)	1.0 .1, Base \| 1.1 .1, Base \| 1.2 .1, .2, Base \| 1.3 .0, .1, .2, .3 \| 2.0 .0
Cisco	IOS	12 Base \| 12.0DB Base \| 12.0DC Base \| 12.0T Base \| 12.0WC Base \| 12.0XD Base \| 12.0XK Base \| 12.0XN Base \| 12.0XR Base \| 12.1 Base \| 12.1A Base \| 12.1AY Base \| 12.1DB Base \| 12.1DC Base \| 12.1EA Base \| 12.1EX Base \| 12.1T Base \| 12.1XC Base \| 12.1YE Base \| 12.2 Base \| 12.2B Base \| 12.2BW Base \| 12.2BY Base \| 12.2BZ Base \| 12.2CZ Base \| 12.2T Base \| 12.2XB Base \| 12.2XC Base \| 12.2XG Base \| 12.2XK Base \| 12.2XL Base \| 12.2XT Base \| 12.2XU Base \| 12.2Y Base \| 12.2YJ Base \| 12.2YL Base \| 12.2YM Base \| 12.2YN Base \| 12.2YO Base \| 12.2YT Base \| 12.2YU Base \| 12.2YV Base \| 12.2ZB Base \| 12.2ZD Base \| 12.2ZE Base \| 12.2ZF Base \| 12.2ZG Base \| 12.2ZH Base \| 12.2ZI Base \| 12.2ZJ Base \| 12.2ZK Base \| 12.2ZL Base \| 12.2ZN Base \| 12.2ZO Base \| 12.3 Base, T \| 12.3B Base \| 12.3BW Base \| 12.3TPC Base \| 12.3VA Base \| 12.3X Base \| 12.3XA Base \| 12.3XB Base \| 12.3XC Base \| 12.3XD Base \| 12.3XE Base \| 12.3XF Base \| 12.3XG Base \| 12.3XH Base \| 12.3XI Base \| 12.3XJ Base \| 12.3XK Base \| 12.3XL Base \| 12.3XM Base \| 12.3XN Base \| 12.3XQ Base \| 12.3XR Base \| 12.3XS Base \| 12.3XT Base \| 12.3XV Base \| 12.3XW Base \| 12.3XX Base \| 12.3XZ Base \| 12.3YA Base \| 12.3YB Base \| 12.3YC Base \| 12.3YD Base \| 12.3YE Base \| 12.3YF Base \| 12.3YG Base \| 12.3YH Base \| 12.3YI Base \| 12.3YK Base \| 12.3YM Base \| 12.3YN Base \| 12.3YR Base \| 12.3YS Base \| 12.3YT Base \| 12.3YU Base \| 12.3YW Base \| 12.3YX Base \| 12.3YZ Base \| 12.4 Base \| 12.4MD Base \| 12.4MR Base \| 12.4SW Base \| 12.4T Base \| 12.4X Base \| 12.4XA Base \| 12.4XB Base \| 12.4XC Base \| 12.4XD Base \| 12.4XE Base \| 12.4XJ Base \| 12.4XK Base \| 12.4XP Base \| 12.4XT Base \| 12.4XV Base \| 12.4XW Base
GNU Public License	glibc	2.3.6 Base
Internet Systems Consortium (ISC)	BIND	8.0 Base \| 8.1 Base \| 8.1.1 Base \| 8.1.2 Base \| 8.1.5 Base \| 8.2 Base \| 8.2.1 Base \| 8.2.2 Base \| 8.2.3 Base \| 8.2.4 Base \| 8.2.5 Base \| 8.2.6 Base \| 8.3.0 Base \| 8.3.1 Base \| 8.3.2 Base \| 8.3.3 Base \| 8.3.4 Base \| 8.3.5 Base \| 8.3.6 Base \| 8.4.0 Base \| 8.4.1 Base \| 8.4.3 Base \| 8.4.4 Base \| 8.4.5 Base \| 8.4.6 Base \| 8.4.7 -P1, Base \| 9.0 Base \| 9.0.1 Base \| 9.1 Base \| 9.1.1 Base \| 9.1.2 Base \| 9.1.3 Base \| 9.2.0 Base \| 9.2.1 Base \| 9.2.2 Base \| 9.2.3 Base \| 9.2.4 Base \| 9.2.5 Base \| 9.2.6 Base \| 9.2.7 Base \| 9.2.8 -P1, Base \| 9.3.0 Base \| 9.3.1 Base \| 9.3.2 Base \| 9.3.3 Base \| 9.3.4 -P1, Base \| 9.3.5 Base \| 9.4 .0, .1, .1-P1, .2
Microsoft, Inc.	Windows 2000	Advanced Server Base, SP1, SP2, SP3, SP4 \| Professional Base, SP1, SP2, SP3, SP4 \| Server Base, SP1, SP2, SP3, SP4
Microsoft, Inc.	Windows Server 2003	Datacenter Edition Base, SP1, SP2 \| Datacenter Edition, 64-bit (Itanium) Base, SP1, SP2 \| Datacenter Edition x64 (AMD/EM64T) Base, SP2 \| Enterprise Edition Base, SP1, SP2 \| Enterprise Edition, 64-bit (Itanium) Base, SP1, SP2 \| Enterprise Edition x64 (AMD/EM64T) Base, SP2 \| Standard Edition Base, SP1, SP2 \| Standard Edition, 64-bit (Itanium) Base, SP1, SP2 \| Standard Edition x64 (AMD/EM64T) Base, SP2 \| Web Edition Base, SP1, SP2
Microsoft, Inc.	Windows XP	Home Edition Base, SP1, SP2, SP3 \| Professional Edition Base, SP1, SP2, SP3 \| Professional x64 (AMD/EM64T) Base, SP2
Yukihiro Matsumoto	Ruby	1.8 .5, .6, .6-p110, .6-p111, .6-p113, .6-p114, .6-p229, .6-p230, .6-p286, .6-p36, .7, .7-p17, .7-p21, .7-p22, .7-p71 \| 1.9 .0-0, .0-1

Associated Products:
Apple	Mac OS X	10.4.0 Base \| 10.4.1 Base \| 10.4.10 Intel, PPC \| 10.4.11 Intel, PPC \| 10.4.2 Base \| 10.4.3 Base \| 10.4.4 Intel, PPC \| 10.4.5 Intel, PPC \| 10.4.6 Intel, PPC \| 10.4.7 Intel, PPC \| 10.4.8 Intel, PPC \| 10.4.9 Intel, PPC \| 10.5 Intel, PPC \| 10.5.1 Intel, PPC \| 10.5.2 Intel, PPC \| 10.5.3 Intel, PPC \| 10.5.4 Intel, PPC
Apple	Mac OS X Server	10.4.0 Base \| 10.4.1 Base \| 10.4.10 Intel, PPC \| 10.4.11 Intel, PPC \| 10.4.2 Base \| 10.4.3 Base \| 10.4.4 Base \| 10.4.5 Base \| 10.4.6 Base \| 10.4.7 Intel, PPC \| 10.4.8 Intel, PPC \| 10.4.9 Intel, PPC \| 10.5 Intel, PPC \| 10.5.1 Intel, PPC \| 10.5.2 Intel, PPC \| 10.5.3 Intel, PPC \| 10.5.4 Intel, PPC
Astaro	Astaro Security Linux	7.1 Base \| 7.103 Base \| 7.104 Base \| 7.200 Base \| 7.201 Base
Avaya, Inc.	Messaging Application Server	1.1 Base \| 2.0 Base \| 3.0 Base \| 3.1 Base
Blue Coat Systems, Inc.	Director (SGME)	4.2.2.1 Base \| 4.2.2.2 Base \| 4.2.2.3 Base \| 5.2.1.0 Base \| 5.2.2.1 Base
Blue Coat Systems, Inc.	ProxyRA	2.3.2.0 Base
Blue Coat Systems, Inc.	Security Gateway (SGOS)	4.1 .1.1, .2, .2.1, .3, .3.1 \| 4.2 .1.1, .1.2, .1.6, .2.1, .2.2, .2.3, .2.4, .3, .3.2, .6.1, .6.2, Base \| 5.1 .1, .2, .3, .4, Base \| 5.2 .1, .2, .2.5, .3.9, .4.3, Base
Citrix Systems, Inc.	Citrix Access Gateway Enterprise Edition	8.0 Base \| 8.1 Base
Citrix Systems, Inc.	NetScaler Application Delivery	6.0 Base \| 6.1 Base \| 7.0 Base \| 8.0 Base \| 8.1 Base
Debian	Debian Linux	4.0 alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, ppc, s390, sparc
F5 Networks, Inc.	3DNS	4.5 .1, .10, .11, .12, .13, .14, .2, .3, .4, .5, .6, .7, .8, .9, Base \| 4.6 .1, .2, .3, .4, Base
F5 Networks, Inc.	BIG-IP	4.5 .1, .10, .11, .12, .13, .14, .2, .3, .4, .5, .6, .7, .8, .9, Base \| 4.6 .1, .2, .3, .4, Base
F5 Networks, Inc.	BIG-IP ASM (Application Security Manager)	9.3 .0, .1 \| 9.4 .0, .1, .2, .3, .4, .5
F5 Networks, Inc.	BIG-IP GTM (Global Traffic Manager)	9.3 .0, .1 \| 9.4 .0, .1, .2, .3, .4, .5
F5 Networks, Inc.	BIG-IP Link Controller	9.3 .0, .1 \| 9.4 .0, .1, .2, .3, .4, .5
F5 Networks, Inc.	BIG-IP LTM (Local Traffic Manager)	9.3 .0, .1 \| 9.4 .0, .1, .2, .3, .4, .5 \| 9.6 .0, .1
F5 Networks, Inc.	BIG-IP PSM	9.4 .5
F5 Networks, Inc.	BIG-IP SAM version (Secure Access Manager)	8.0 Base
F5 Networks, Inc.	BIG-IP WebAccelerator	9.4 .0, .1, .2, .3, .4, .5
F5 Networks, Inc.	Enterprise Manager	1.2 Base \| 1.4 .1, Base \| 1.6 Base
F5 Networks, Inc.	FirePass Controller	5.5 .1, .2, Base \| 6.0 .0, .1, .2
F5 Networks, Inc.	WANjet Software	5.0 .0, .1, .2
FreeBSD Project	FreeBSD	6.3 Base \| 7.0 Base
Gentoo Technologies, Inc.	Gentoo Linux	2004 .0, .1, .2, .3 \| 2005 .0 \| 2006 .0, .1 \| 2007 .0 \| 2008 .0
HP	HP MPE/iX	6.5 Base \| 7.0 Base \| 7.5 Base
HP	HP NonStop	G06 .24, .25, .26, .27, .28, .29, .30, .31, .32 \| H01 Base \| H03 Base \| H06 -03, -10, -11, -12 \| J02 Base \| J05 Base
HP	HP TCP/IP Services for OpenVMS	5.4 alpha \| 5.5 alpha, i64 \| 5.6 alpha, i64
HP	HP-UX	11.11/11i Base \| 11.23 Base \| 11.31 Base
HP	Tru64 UNIX	5.1B-3 Base, PK1, PK2, PK3, PK4, PK5 \| 5.1B-4 Base, PK 1, PK 2, PK 3, PK 4, PK 5, PK 6
IBM	AIX	5.2.0 Base \| 5.3 .7.0, .7.1, .8, .9, Base \| 6.1 .0, .1, .2
Ingate Systems	Ingate Firewall	4.6.0 Base \| 4.6.1 Base \| 4.6.2 Base \| 4.6.4 Base
Ingate Systems	Ingate SIParator	4.6.0 Base \| 4.6.1 Base \| 4.6.2 Base \| 4.6.4 Base
Juniper Networks, Inc.	JUNOSe Software	5.2 .0, .1, .2, .3, .4, .5 \| 5.3 .0, .1, .2, .3, .4, .5 \| 6.0 .0, .1, .2, .3, .4 \| 6.1 .0, .1, .2, .3 \| 7.0 .0, .1, .2 \| 7.1 .0, .1
Lucent Technologies	VitalQIP DNS/DHCP and IP Address Management Softwa	6.0 Base \| 6.1 Base \| 6.2 Base
MandrakeSoft, Inc.	Linux-Mandrake Corporate Server	3.0 i586, x86_64 \| 4.0 i586, x86_64
Mandrivasoft Inc	Mandrivalinux	2007.1 i586, x86_64 \| 2008.0 i586, x86_64 \| 2008.1 i586, x86_64
Mandrivasoft Inc	Multi Network Firewall	2.0 i586
NetBSD Foundation	NetBSD	3.0 Base \| 3.0.1 Base \| 3.0.2 Base \| 3.0.3 Base \| 3.1 Base \| 3.1.1 Base \| 4.0 Base
NetScreen Technologies, Inc.	ScreenOS	2.6 Base \| 2.6.1 Base \| 2.7.1 Base \| 2.8 Base \| 3.0 .1, .3, Base \| 3.1 Base \| 3.3 .1, Base \| 4.0 Base \| 4.0.1 Base \| 4.0.2 Base \| 4.0.3 Base \| 5.0.0 Base, r1, r2, r3, r4, r5, r6, r7, r8 \| 5.1.0 Base, r1, r2 \| 5.2.0 Base, r1, r2
Nominum, Inc.	Nominum CNS	3.0.3 Base
Nominum, Inc.	Vantio	3.3.0 Base
Novell, Inc.	Novell Linux Desktop	9 x86, x86_64
Novell, Inc.	Novell Linux POS	9 Base
Novell, Inc.	Novell Open Enterprise Server	1 i386 \| 2 x86, x86-64
OpenBSD	OpenBSD	4.2 Base \| 4.3 Base
Packeteer, Inc.	PacketWise	6.0 .0, .1, .2 \| 6.1 .0, .1, .2 \| 6.2 .0, .1 \| 7.0 .0, .1 \| 7.1 .0, .1 \| 7.2 .1, .2, .3 \| 7.3 .0, .0g2, .1 \| 7.4 .0, .1 \| 7.5 .0, .0g1 \| 8.0 .0, .1 \| 8.1 .0, .1 \| 8.2 .1, .2, .3, .4, .5, Base \| 8.3 .1, Base
Red Hat, Inc.	Red Hat Desktop	3 i386, x86_64 \| 4 IA-32, x86_64
Red Hat, Inc.	Red Hat Enterprise Linux	5 IA-32, IA-64, PPC, ppc64, s390, s390x, x86_64
Red Hat, Inc.	Red Hat Enterprise Linux Advanced Server	2.1 i386 \| 3 amd64 (x86_64), i386, ia64 \| 4 IA-32, IA-64, x86_64
Red Hat, Inc.	Red Hat Enterprise Linux Desktop	5 IA-32, x86_64
Red Hat, Inc.	Red Hat Enterprise Linux Desktop Workstation	5 IA-32, x86-64
Red Hat, Inc.	Red Hat Enterprise Linux Enterprise Server	2.1 i386, ia64 \| 3 amd64 (x86_64), i386, ia64, ppc, s390, s390x \| 4 IA-32, IA-64, PPC, PPC64, s390, s390x, x86_64
Red Hat, Inc.	Red Hat Enterprise Linux Workstation	2.1 i386 \| 3 amd64 (x86_64), i386, ia64 \| 4 IA-32, IA-64, x86_64
Red Hat, Inc.	Red Hat Linux Advanced Workstation	2.1 ia64
Secure Computing	CyberGuard Classic	5.1 .1 \| 5.2 .1, .2, .3, Base
Secure Computing	CyberGuard TSP	6.2 .1, .2, Base \| 6.4 .1, .2, .3, Base
Secure Computing	Sidewinder	5.0 Base \| 5.1 Base \| 5.2 Base \| 7.0 Base \| G2 6.0, 6.1, 6.1.0.05, 6.1.1, 6.1.2
Sun Microsystems, Inc.	Solaris	10 sparc, x64/x86 \| 8 intel, sparc \| 9 intel, sparc
SUSE	SUSE Linux Enterprise Desktop (SLED)	10 SP1 amd64 , SP1 em64t , SP1 x86 , SP2 EM64T, SP2 amd64, SP2 x86
SUSE	SUSE Linux Enterprise SDK (SLE SDK)	10 SP1 PPC, SP1 iSeries, SP1 ia64 (IPF), SP1 pSeries, SP1 x86, SP1 x86-64, SP1 zSeries (s390x), SP2 PPC, SP2 iSeries, SP2 ia64 (IPF), SP2 pSeries, SP2 x86, SP2 x86-64, SP2 zSeries (s390x)
SUSE	SuSE Linux Enterprise Server	10 SP1 AMD64 , SP1 IBM Power, SP1 Intel EM64T, SP1 Itanium (IPF), SP1 x86, SP1 zSeries 64bit, SP2 AMD64, SP2 EM64T, SP2 Itanium (IPF), SP2 PPC, SP2 x86, SP2 zSeries 64bit \| 9 IBM Power, IPF (itanium), iSeries, pSeries, s/390, x86, x86-64 (amd64, em64t), zSeries, zSeries 64bit
The Slackware Linux Project	Slackware Linux	10.0 i486 \| 10.1 i486 \| 10.2 i486 \| 11.0 i486 \| 12.0 i486 \| 12.1 i486 \| 8.1 i386 \| 9.0 i386 \| 9.1 i486
Turbolinux, Inc.	Turbolinux Appliance Server	2.0 i586 \| 3.0 i686, x64
Turbolinux, Inc.	Turbolinux Appliance Server Hosting Edition	1.0 i586
Turbolinux, Inc.	Turbolinux Appliance Server Workgroup Edition	1.0 i586
Turbolinux, Inc.	Turbolinux Server	10 i586, x64 \| 11 i686, x86_64
Ubuntu Linux	Ubuntu Linux	6.06 LTS Desktop AMD64, Intel x86, PowerPC, SPARC \| 6.06 LTS Server AMD64, Intel x86, PowerPC, SPARC \| 7.04 AMD64, Intel x86, PowerPC, sparc \| 7.10 AMD64, Intel x86, PPC, SPARC, powerpc \| 8.04 LTS Desktop amd64, i386 \| 8.04 LTS Server amd64, i386
VMware, Inc.	VMware ESX Server	2.5 .4, .5 \| 3.0 .1, .2, .3 \| 3.5 Base

LEGAL DISCLAIMER
The urgency and severity ratings of this alert are not tailored to individual users; users may value alerts differently based upon their network configurations and circumstances. THE ALERT, AND INFORMATION CONTAINED THEREIN, ARE PROVIDED ON AN "AS IS" BASIS AND DO NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE ALERT, AND INFORMATION CONTAINED THEREIN, OR MATERIALS LINKED FROM THE ALERT, IS AT YOUR OWN RISK. INFORMATION IN THIS ALERT AND ANY RELATED COMMUNICATIONS IS BASED ON OUR KNOWLEDGE AT THE TIME OF PUBLICATION AND IS SUBJECT TO CHANGE WITHOUT NOTICE. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE ALERTS AT ANY TIME.

Hierarchical Navigation

Security Intelligence Operations

Related Links

Feedback