MPE/iX is affected and was just simply omitted (i.e. same old story).

The MPE FOS BIND is 8.1.1.  The latest bixby.org BIND is 8.2.2-P5.  Both are
subject to varying amounts of vulnerabilities if you are running the NAMED
server.  Due to the way that MPE separates code and data, the most exicting
thing that any exploit attempt will probably cause is for NAMED to abort,
resulting in denial of service.

I will attempt to do a bixby.org release of 8.2.3 "soon".

So that I can better understand BIND usage on MPE, I'd like everybody who is
using BIND to please respond to me privately and let me know:

1) What version of the software are you using?

2) Are you running the NAMED server, and if so, is your server accessible from
the Internet?

3) Are you running the client utilities (i.e. nslookup, etc)?

4) Are you using the client resolver library libbind.a?

Thanks!

- Mark B. (speaking only for bixby.org here)

"Johnson, Tracy" wrote:
>
> Both CERT and CIAC reported old vulnerabilities in BIND.
>
> Domain Name System (DNS) Servers running various versions of
> ISC BIND (including both 4.9.x prior to 4.9.8 and 8.2.x prior to
> 8.2.3) and derivatives.
>
> HP-UX affected.
>
> MPE/iX not reported as being affected,
> (but then again, who can tell if it is
> simply omitted in the report??)
>
> Tracy Johnson
> MSI Schaevitz Sensors

--
[log in to unmask]
Remainder of .sig suppressed to conserve scarce California electrons...