<<< Date Index >>>     <<< Thread Index >>>

Inofficial updates to 758884/NISCC/DNS



The list of implementations in NISCC Vulnerability Advisory
758884/NISCC/DNS is not complete. A somewhat more comprehensive list can
be found below.

        Roy Arends - roy at dnss.ec
        Jakob Schlyter - jakob at rfc.se


** REFERENCE

http://www.uniras.gov.uk/vuls/2004/758884/
http://www.rfc.se/fpdns/

** VULNERABLE IMPLEMENTATIONS

MARADNS                         vulnerable <= v0.8.05, upgrade available
MyDNS                           vulnerable <= v0.10.0, upgrade available
Net::DNS::Nameserver            vulnerable <= v0.44, upgrade available
Pliant DNS Server               vulnerable, upgrade unknown
QuickDNS                        vulnerable <= v3.5.1, upgrade available
Posadis                         vulnerable <= v0.60.2, upgrade available
DeleGate DNS proxy              vulnerable <= v8.9.5, upgrade available
dnrd                            vulnerable <= v2.10, upgrade available
JDNSS                           vulnerable <= v1.0, upgrade available
small HTTP server               vulnerable, upgrade unknown
RaidenDNSD                      vulnerable, upgrade unknown
Runtop Implementation           vulnerable, upgrade unknown
Mikrotik Implementation         vulnerable, upgrade unknown
Axis Video Network              vulnerable, upgrade available
WinGate DNS                     vulnerable <= v6.0.1, upgrade available
Ascenvision SwiftDNS            vulnerable, upgrade unknown
Nortel Networks
  Baystack Instant Internet     vulnerable, upgrade unknown
  Nortel Alteon ACEswitch       vulnerable, upgrade unknown
Aethra ATOS Stargate ADSL       vulnerable, upgrade unknown

** NOT VULNERABLE IMPLEMENTATIONS

ISC BIND 4/8/9
Incognito DNS Commander
Microsoft Server NT3.51/NT4/2000/2003
Nominum ANS/CNS
NonSequitur DNS
NLnetlabs NSD
Oak DNS
PowerDNS
Rbldnsd
Simple DNS plus
TinyDNS
TotD
pdnsd
Yaku-NS
sheerdns
dproxy
Viking DNS server
Cisco Network Registrar
Netnumber ENUM server