IBM Support

IV09491: BIND 9.4.1 IS VULNERABLE TO CVE 2010-0382, 2010-0097, 2009-0025 APPLIES TO AIX 5300-12

Subscribe

You can track all active APARs for this component.

APAR status

  • Closed as program error.

Error description

  • AIX Bind 9.4.1 is vulnerable to the following 3 security
    vulnerabilities:
    (1) CVE-2010-0382 - ISC BIND Out-Of-Bailwick Data
    Handling Error
    (2) CVE-2010-0097 - ISC BIND Improper DNSSEC NSEC and
    NSEC3 Record
    (3) CVE-2009-0025 - BIND OpenSSL DSA_do_verify and
    EVP_VerifyFinal
    

Local fix

Problem summary

  • AIX Bind 9.4.1 is vulnerable to the following 3 security
    vulnerabilities:
    (1) CVE-2010-0382 - ISC BIND Out-Of-Bailwick Data Handling
    Error
    (2) CVE-2010-0097 - ISC BIND Improper DNSSEC NSEC and NSEC3
    Record
    (3) CVE-2009-0025 - BIND OpenSSL DSA_do_verify and
    EVP_VerifyFinal
    

Problem conclusion

  • www.isc.org has provided the fix.
    

Temporary fix

Comments

APAR Information

  • APAR number

    IV09491

  • Reported component name

    AIX 5.3

  • Reported component ID

    5765G0300

  • Reported release

    530

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Submitted date

    2011-10-21

  • Closed date

    2011-10-31

  • Last modified date

    2013-02-27

Fix information

  • Fixed component name

    AIX 5.3

  • Fixed component ID

    5765G0300

Applicable component levels

  • R530 PSY

       UP



Document information

More support for: AIX family

Software version: 530

Operating system(s): AIX

Reference #: IV09491

Modified date: 27 February 2013