Running IBM i 7.1.
From my new pmr:
Problem title
TCP/IP bind is obsolete.
.
Problem description
I am using QualysGuard for security detection. I think IBM owns them
now. IBM is now telling me that IBM is obsolete and needs to fix their
bind level.
From their security report:
Expand all information gathered Collapse all information gathered
<ip number and name deleted from this email for security reasons>
OS/400 on AS/400
Vulnerabilities (1) Expand all vulnerabilities Collapse all
vulnerabilities
5
EOL/Obsolete Software: ISC BIND 9.1.x - 9.5.x Detected
QID:
105508
Category:
Security Policy
CVE ID:
-
Vendor Reference
BIND Software Status
Bugtraq ID:
-
Service Modified:
06/27/2013
User Modified:
-
Edited:
No
PCI Vuln:
Yes
THREAT:
The host is running BIND. ISC BIND ended support for 9.1.x - 9.5.x
and provides no further support.
9.5.2-P4 Deprecated as of Sep 2010.
9.4-ESV-R5-P1 Deprecated as of Mar 2012.
9.4.0-9.4.3 Deprecated as of Dec 2009.
9.3.6-P1 Deprecated as of Jan 2009.
9.3.6 (and earlier) Deprecated as of Dec 2008.
9.2.9 (and earlier) Deprecated as of Sep 2007.
9.1.3 (and earlier) Deprecated as of Jul 2001.
IMPACT:
The system is at high risk of exposure to security vulnerabilities.
Since the vendor no longer provides updates, obsolete software is more
vulnerable to attacks.
SOLUTION:
Update to a supported version of BIND.
Refer to BIND Software Status for further details.
Patch:
Following are links for downloading patches to fix the
vulnerabilities:
BIND Software Status: BIND 9.5.2-P4
BIND Software Status: BIND 9.4-ESV-R5-P1
BIND Software Status: BIND 9.4.0-9.4.3
BIND Software Status: BIND 9.3.6-P1
BIND Software Status: BIND 9.3.6 (and earlier)
BIND Software Status: BIND 9.2.9 (and earlier)
BIND Software Status: BIND 9.1.3 (and earlier)
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
9.4.3-P5.V7R1M09.4.3-P5.V7R1M0
Rob Berendt
midrange.com
