Microsoft has released a patch (http://www.microsoft.com/technet/security/bulletin/ms08-037.mspx).
Juniper has released a patch (http://www.kb.cert.org/vuls/id/MIMG-7DWR4Z).
Cisco has released a patch (http://www.cisco.com/warp/public/707/cisco-sa-20080708-dns.shtml).
ISC has relased a patch for Bind (http://www.isc.org/index.pl?/sw/bind/bind-security.php).
--
+-------------------------------------------+
| Michael Surato |
| College of Arts and Letters |
| Michigan State University |
| 320 Linton Hall |
| East Lansing, MI 48824 |
| Voice: (517) 353-0778 Fax: (517) 355-0159 |
+-------------------------------------------+
>>> On 7/8/2008 at 4:15 PM, MSU Network Administrators Group wrote:
> Do you know if patches are available for BIND and Windows 200x Server
> yet? Are there any precautions that should be followed until we have
> all of our patches in place?
>
> Thanks!
>
> -Nick Kwiatkowski
> MSU Telecom Systems, Physical Plant
>
> -----Original Message-----
> From: MSU Network Administrators Group [mailto:[log in to unmask]] On
> Behalf Of Jeff Goeke-Smith
> Sent: Tuesday, July 08, 2008 4:10 PM
> To: [log in to unmask]
> Subject: [MSUNAG] DNS Cache Poisoning Vulnerability
>
> Today, CERT released a notice regarding coordinated patching of
> all major DNS servers against a protocol level attack on the DNS
> system. This class of attack can result in a attacker taking over
> various domain names for all clients on a network. If you are running
> a DNS server, you should evaluate their potential vulnerability and
> patch as appropriate.
>
> The CERT advisory can be found at http://www.kb.cert.org/vuls/id/800113
>
> --
> Jeff Goeke-Smith
> [log in to unmask]
> Network Security
> Michigan State University
>
|