Skip to end of metadata
Go to start of metadata

June 30th, 2017

The following vulnerabilities were found in 3rd party software running on our DNS/DHCP appliance:

We recommend that all Men & Mice DNS/DHCP Appliances are upgraded to one of the following versions:

  • LTS versions 7.1.14 or 8.1.4
  • 8.2.1

The appliances can be easily upgraded using the Automatic Updates feature of the Men & Mice Suite.
For details on how to update the Men & Mice Suite, see

https://docs.menandmice.com/display/MM/Updating+the+Men+and+Mice+Suite

For more information regarding the upgrade, contact Men & Mice Support using the link below
https://docs.menandmice.com/display/MM/Contacting+Support


 

April 12th, 2017

Multiple vulnerabilities were found in 3rd party software running on our DNS/DHCP appliance:

  • CVE-2017-3136: An error handling synthesized records could cause an assertion failure when using DNS64 with "break-dnssec yes;".  See for https://kb.isc.org/article/AA-01465 more details.

  • CVE-2017-3137: A response packet can cause a resolver to terminate when processing an answer containing a CNAME or DNAME. See https://kb.isc.org/article/AA-01466 for more details.

  • CVE-2017-3138: named exits with a REQUIRE assertion failure if it receives a null command string on its control channel. See https://kb.isc.org/article/AA-01471 for more details.

We recommend that all Men & Mice DNS/DHCP Appliances are upgraded to either 7.1.13 or 8.1.2.  Both versions are LTS versions.

The appliances can be easily upgraded using the Automatic Updates feature of the Men & Mice Suite.
For details on how to update the Men & Mice Suite, see

https://docs.menandmice.com/display/MM/Updating+the+Men+and+Mice+Suite

For more information regarding the upgrade, contact Men & Mice Support using the link below
https://docs.menandmice.com/display/MM/Contacting+Support

 


 

January 12th 2017.

Multiple vulnerabilities were found in 3rd party software running on our DNS/DHCP appliance:

We recommend that all Men & Mice DNS/DHCP Appliances are upgraded to the latest version, which is 7.3.2.

The appliances on the 7.1 LTS version have also been updated. The latest version in 7.1 is 7.1.12

The appliances can be easily upgraded using the Automatic Updates feature of the Men & Mice Suite.
For details on how to update the Men & Mice Suite, see

https://docs.menandmice.com/display/MM/Updating+the+Men+and+Mice+Suite

For more information regarding the upgrade, contact Men & Mice Support using the link below
https://docs.menandmice.com/display/MM/Contacting+Support



November 1st, 2016

A vulnerability, CVE-2016-8864 was found in 3rd party software running on our DNS/DHCP appliance.

A defect in BIND's handling of responses containing a DNAME answer can cause a resolver to exit
after encountering an assertion failure in db.c or resolver.c

For more information, see https://kb.isc.org/article/AA-01434.

 

We recommend that all Men & Mice DNS/DHCP Appliances are upgraded to the latest version, which is 7.2.7.

The appliances on the 7.1 version have also been updated. The latest version in 7.1 is 7.1.11

 

The appliances can be easily upgraded using the Automatic Updates feature of the Men & Mice Suite.
For details on how to update the Men & Mice Suite, see

https://docs.menandmice.com/display/MM/Updating+the+Men+and+Mice+Suite

 

For more information regarding the upgrade, contact Men & Mice Support using the link below
https://docs.menandmice.com/display/MM/Contacting+Support


 

September 28th, 2016

A vulnerability, CVE-2016-2776 was found in 3rd party software running on our DNS/DHCP appliance.

A defect in BIND can cause the named process to exit with an assertion failure when constructing a response to a specific query. 

For more information, see https://kb.isc.org/article/AA-01419.

 

We recommend that all Men & Mice DNS/DHCP Appliances are upgraded to the latest version, which is 7.2.4.

The appliances on the 7.1 version have also been updated. The latest version in 7.1 is 7.1.9

 

The appliances can be easily upgraded using the Automatic Updates feature of the Men & Mice Suite.
For details on how to update the Men & Mice Suite, see

https://docs.menandmice.com/display/MM/Updating+the+Men+and+Mice+Suite

 

For more information regarding the upgrade, contact Men & Mice Support using the link below
https://docs.menandmice.com/display/MM/Contacting+Support


March 10th, 2016

Two vulnerabilities, CVE-2016-1285 and CVE-2016-1286, were found in 3rd party software running on our DNS/DHCP appliances.

For more information, see https://kb.isc.org/article/AA-01352 and https://kb.isc.org/article/AA-01353. These vulnerabilities

have been fixed in the latest version of the Men & Mice Suite.

 

Additionally, a vulnerability, CVE-2016-2774, was found in the ISC DHCP server software running on the DNS/DHCP appliance.

By exploiting this vulnerability, an attacker could interfere with the DHCP server operation. A patch is expected later in

March, but until then a workaround is  that server operators should restrict the hosts allowed to make connections to 

DHCP server inter-process communication channels to trusted hosts, blocking connections to the OMAPI control port and the 

failover communications ports from all other hosts.

For more information, see https://kb.isc.org/article/AA-01354

 

We recommend that all Men & Mice Appliances are upgraded to the latest version, which is 7.1.4.

The appliances on the 6.8 version have also been updated. The latest version in 6.8 is 6.8.11. 

 

The appliances can be easily upgraded using the Automatic Update feature of the Men & Mice Suite. 

For details on how to update the Men & Mice Suite, see

https://docs.menandmice.com/display/MM/Updating+the+Men+and+Mice+Suite

For more information regarding the upgrade, contact Men & Mice Support using the link below

https://docs.menandmice.com/display/MM/Contacting+Support

See the Security Announcements Archive for details on previous security announcements

https://docs.menandmice.com/display/MM/Security+Announcements

 


March 3rd, 2016

A vulnerability was found in 3rd party software running on our DNS/DHCP and Caching appliances.

A critical bug was found in the glibc linux library. A remote attacker could crash or, potentially, execute code running the library on Linux.

There are no workarounds other than upgrading the appliance. 

 

We recommend that all Men & Mice Appliances are upgraded to the latest version, which is 7.1.3.

The appliances on the 6.8 version have also been updated. The latest version in 6.8 is 6.8.10. 

 

The appliances can be easily upgraded using the Automatic Update feature of the Men & Mice Suite. 

For details on how to update the Men & Mice Suite, see

https://docs.menandmice.com/display/MM/Updating+the+Men+and+Mice+Suite

For more information regarding the upgrade, contact Men & Mice Support using the link below

https://docs.menandmice.com/display/MM/Contacting+Support

See the Security Announcements Archive for details on previous security announcements

https://docs.menandmice.com/display/MM/Security+Announcements


February 19th, 2015

A vulnerability was found in 3rd party software running on our DNS/DHCP appliance.

BIND, the DNS server running on the DNS/DHCP appliance has been found to be vulnerable
where it can crash under certain conditions. This vulnerability has been registered as CVE-2015-1349.

When configured to perform DNSSEC validation, the DNS server can crash when
encountering a rare set of conditions in the managed trust anchors.

There is no workaround other than upgrading the appliance.
 

We recommend that all Men & Mice DNS/DHCP Appliances are upgraded to the latest version, which is 6.7.6. 

 

The appliances can be easily upgraded using the Automatic Update feature of the Men & Mice Suite. 

For details on how to update the Men & Mice Suite, see

https://docs.menandmice.com/display/MM/Updating+the+Men+and+Mice+Suite

For more information regarding the upgrade, contact Men & Mice Support using the link below
https://docs.menandmice.com/display/MM/Contacting+Support


December 15th, 2014

A vulnerability was found in 3rd party software running on our DNS/DHCP appliance.

Due to the "POODLE" vulnerability, the SSLv3 protocol is now disabled on the Men & Mice appliances

We recommend that all Men & Mice DNS/DHCP Appliances are upgraded to the latest version, which is 6.7.4. 

 

The appliances can be easily upgraded using the Automatic Update feature of the Men & Mice Suite. 

For details on how to update the Men & Mice Suite, see

https://docs.menandmice.com/display/MM/Updating+the+Men+and+Mice+Suite

For more information regarding the upgrade, contact Men & Mice Support using the link below
https://docs.menandmice.com/display/MM/Contacting+Support

 


December 8th, 2014

A vulnerability was found in 3rd party software running on our DNS/DHCP appliance and Caching appliance.

A vulnerability was found and patched in Unbound (CVE-2014-8602). Two vulnerabilities were found and patched in BIND (CVE-2014-8500 and CVE-2014-8680)

We recommend that all Men & Mice DNS/DHCP Appliances and Caching appliances are upgraded to the latest version, which is 6.7.3. 

 

The appliances can be easily upgraded using the Automatic Update feature of the Men & Mice Suite. 

For details on how to update the Men & Mice Suite, see

https://docs.menandmice.com/display/MM/Updating+the+Men+and+Mice+Suite

For more information regarding the upgrade, contact Men & Mice Support using the link below
https://docs.menandmice.com/display/MM/Contacting+Support

  • No labels