Novell has released patches for DNS cache poisoning vulnerability

Novell has released patches for novell-bind on OES2 and named.nlm on Netware that address the deficiencies in the DNS protocol and common DNS implementations that facilitate DNS cache poisoning attacks described in CVE-2008-1447.   

Patches for bind running on SuSE Enterprise Linux Server (SLES) 9 and 10, plus openSUSE 10.2, 10.3, and 11.0 were released previously.   

See TID 7000912 for details. Security patches are available from the Novell download site.

These patches should be applied as soon as possible.  Metasploit exploits of this vulnerability are already available.

Leave a Reply

Your email address will not be published. Required fields are marked *