× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



Running IBM i 7.1.

From my new pmr:

Problem title
TCP/IP bind is obsolete.
.
Problem description
I am using QualysGuard for security detection. I think IBM owns them
now. IBM is now telling me that IBM is obsolete and needs to fix their
bind level.
From their security report:
Expand all information gathered Collapse all information gathered
<ip number and name deleted from this email for security reasons>

OS/400 on AS/400
Vulnerabilities (1) Expand all vulnerabilities Collapse all
vulnerabilities

5
EOL/Obsolete Software: ISC BIND 9.1.x - 9.5.x Detected


QID:
105508
Category:
Security Policy
CVE ID:
-
Vendor Reference
BIND Software Status
Bugtraq ID:
-
Service Modified:
06/27/2013
User Modified:
-
Edited:
No
PCI Vuln:
Yes

THREAT:
The host is running BIND. ISC BIND ended support for 9.1.x - 9.5.x
and provides no further support.

9.5.2-P4 Deprecated as of Sep 2010.

9.4-ESV-R5-P1 Deprecated as of Mar 2012.

9.4.0-9.4.3 Deprecated as of Dec 2009.

9.3.6-P1 Deprecated as of Jan 2009.

9.3.6 (and earlier) Deprecated as of Dec 2008.

9.2.9 (and earlier) Deprecated as of Sep 2007.

9.1.3 (and earlier) Deprecated as of Jul 2001.
IMPACT:
The system is at high risk of exposure to security vulnerabilities.
Since the vendor no longer provides updates, obsolete software is more
vulnerable to attacks.
SOLUTION:
Update to a supported version of BIND.
Refer to BIND Software Status for further details.

Patch:
Following are links for downloading patches to fix the
vulnerabilities:

BIND Software Status: BIND 9.5.2-P4

BIND Software Status: BIND 9.4-ESV-R5-P1

BIND Software Status: BIND 9.4.0-9.4.3

BIND Software Status: BIND 9.3.6-P1

BIND Software Status: BIND 9.3.6 (and earlier)

BIND Software Status: BIND 9.2.9 (and earlier)

BIND Software Status: BIND 9.1.3 (and earlier)
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
9.4.3-P5.V7R1M09.4.3-P5.V7R1M0


Rob Berendt

As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.