Try IPAM Software

BlueCat Support

The BlueCat Customer Care team is your single point of contact for technical expertise and best-in-class 24/7/365 product support. We listen. We understand. We care.

Security & Vulnerability Updates

BlueCat Networks understands the critical nature of DNS, DHCP and IPAM services and the impact of a security risk to these services. As part of BlueCat's initiative to provide customers with up-to-date information on potential security issues, we publicly track all known security issues related to our products. A description of each published security issue is listed below outlining the impact of each issue and how to mitigate against the attack.

2013   |   2012   |   2011   |   2010   |   2009   |   2008

June 2013

Malformed zone query can cause DNS resolver to crash
CERT NUMBER: CVE-2013-3919

A vulnerability has been announced by the ISC (Internet Systems Consortium) - CVE-2013-3919 which affects ISC BIND.

Short Description:
A recursive resolver can be crashed by a query for a deliberately constructed malformed zone.

Affected Adonis Versions
BlueCat's assessment of the CVE-2013-3919 security advisory has demonstrated that Adonis appliances, whether physical or virtual, running v4.x, v5.x or v6.x, are not subject to this vulnerability. BlueCat Adonis appliances currently use a version of ISC BIND that is not affected. There is therefore no need for BlueCat customers to patch their Adonis appliances to address CVE-2013-3919.

Please visit Care and review KB-4909 for additional details.

March 2013

A specially crafted DNS query can cause excessive DNS memory leak
CERT NUMBER: CVE-2013-2266

A vulnerability has been announced by the ISC (Internet Systems Consortium) – CVE-2013-2266 which affects ISC BIND.

Short Description:
A vulnerability exists in the DNS service that allows an attacker to deliberately cause excessive memory consumption by the DNS service, potentially resulting in exhaustion of memory resources on the affected server.

Intentional exploitation of this condition can cause a denial of service in all authoritative and recursive DNS servers running affected versions of BIND 9. Additionally, other services which run on the same physical machine as an affected DNS server could be compromised through exhaustion of system memory.

Affected Adonis Versions:
BlueCat Networks' assessment of CVE-2013-2266 has determined that versions 6.5, 6.7 and 6.7.1 of Adonis are affected. A patch has been released to address the issue. Please visit Care and review KB-5018 to download the patch and associated release notes.

Adonis customers should apply the appropriate patch matching your current production version.

Memory exhaustion bug found in ISC DHCP
CERT NUMBER: CVE-2013-2494

A vulnerability has been announced by the ISC (Internet Systems Consortium) – CVE-2013-2266 which affects ISC DHCP.

Short Description:
A vulnerability has been announced by the ISC (Internet Systems Consortium) – CVE-2013-2494 which affects ISC DHCP.

Affected Adonis Versions:
BlueCat Networks assessment of the CVE-2013-2494 security advisory has demonstrated that Adonis appliances, whether physical or virtual, running v4.x, v5.x or v6.x, are not subject to this vulnerability. BlueCat Networks Adonis appliances currently use a version of ISC DHCP that is not affected. There is therefore no need for BlueCat Networks customers to patch their Adonis appliances to address CVE-2013-2494. Please visit Care and review KB-5033 for additional details.

Try IPAM Software

© 2001-2013 BlueCat Networks - All Rights Reserved - Privacy