Process Software proactively monitors security vulnerabilities reported by the CERT Coordination Center (CERT/CC). The following information provides more details on the status of specific CERT Advisories in relation to our products.

CERT Advisory Vulnerability Note VU#800113: Multiple DNS implementations vulnerable to cache poisoning
The BIND vulnerabilities reported in http://www.kb.cert.org/vuls/id/800113 had the potential for an attacker to poison a name server's cache allowing the attacker to forge the IP address returned in a query. This problem has been corrected in ECOs:

MultiNet: V5.2: NAMED-050_A052 - README
V5.1: NAMED-040_A051 - README
TCPware: V5.8-2: NAMED_V582P010 - README
V5.7-2: NAMED_V572P010 - README

CERT advisory CA-2002-36 - Multiple Vulnerabilities in SSH Implementation
The SSH vulnerability reported in www.cert.org/advisories/CA-2002-36.html has been addressed with the following ECOs. Note that the F-Secure security advisory "Setsid() Vulnerability in F-Secure SSH" does not affect this software.

MultiNet - ssh-050_A044.zip - README
TCPware - ssh_v562p020.zip - README
SSH for OpenVMS - sshvms-v10ap020 - README

CERT Advisory CA-2001-02 Multiple Vulnerabilities in BIND
The BIND vulnerabilities reported in www.cert.org/advisories/CA-2001-02.html had the potential to cause the nameserver to access violate in MultiNet and TCPware. This problem has been corrected with the following ECOs:

MultiNet - named-011_a044.zip - README
TCPware - named_v562p010.zip - README

CERT Advisory CA-2002-03 - Multiple Vulnerabilities in Simple Network Management Protocol (SNMP) (posted Feb. 5, 2002)
SNMP vulnerabilities reported in the CERT advisory CA-2002-03do not pose a security risk for MultiNet and TCPware. For more information, please review the MultiNet and TCPware CERT advisory FAQ.