Process Software proactively monitors security vulnerabilities reported by the CERT Coordination Center (CERT/CC). The following information provides more details on the status of specific CERT Advisories in relation to our products.
CERT Advisory Vulnerability Note VU#800113: Multiple DNS implementations
vulnerable to cache poisoning
The BIND vulnerabilities reported in http://www.kb.cert.org/vuls/id/800113 had the potential for an attacker to poison a name server's cache allowing the attacker to forge the IP address returned in a query. This problem has been corrected in ECOs:
CERT advisory CA-2002-36 - Multiple Vulnerabilities in SSH Implementation
The SSH vulnerability reported in www.cert.org/advisories/CA-2002-36.html has been addressed with the following ECOs. Note that the F-Secure security advisory "Setsid() Vulnerability in F-Secure SSH" does not affect this software.
CERT Advisory CA-2001-02 Multiple Vulnerabilities in BIND
The BIND vulnerabilities reported in www.cert.org/advisories/CA-2001-02.html had the potential to cause the nameserver to access violate in MultiNet and TCPware. This problem has been corrected with the following ECOs:
CERT Advisory CA-2002-03 - Multiple Vulnerabilities in Simple Network
Management Protocol (SNMP) (posted Feb. 5, 2002)
SNMP vulnerabilities reported in the CERT advisory CA-2002-03do not pose a security risk for MultiNet and TCPware. For more information, please review the MultiNet and TCPware CERT advisory FAQ.