Kevin Day

**Name of the Vulnerable Software and Affected Versions** FreeBSD (affected versions not specified) **Description** A remote code execution issue exists in the IPv6 autoconfiguration handler in FreeBSD. The issue is present in the `rtsold` background process and the `rtsol` utility. An attacker can achieve remote code execution with root privileges by sending a specially crafted IPv6 router advertisement packet. Router Advertisement (RA) messages used to exploit this issue are not routed and should be dropped by routers. To successfully exploit this, an attacker must be able to send a crafted packet from a system within the same network segment as the vulnerable host. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Apple Mac OS X versions prior to 10.5.8 Description: The issue allows remote attackers to trick a user into visiting an arbitrary https web site by leveraging an open redirect vulnerability in certain 302 redirection scenarios. This occurs because CFNetwork places an incorrect URL in a certificate warning. Recommendations: For Apple Mac OS X versions prior to 10.5.8, update to version 10.5.8 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Windows DNS Server versions in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008 **Description** The issue concerns the DNS Resolver Cache Service in Windows DNS Server. When dynamic updates are enabled, the service does not properly reuse cached DNS responses, making it easier for remote attackers to predict transaction IDs and poison caches. This can be achieved by simultaneously sending crafted DNS queries and responses. **Recommendations** For Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, consider disabling dynamic updates until a patch is available to prevent cache poisoning attacks. Restrict access to the DNS Server to minimize the risk of exploitation. Avoid using the DNS Resolver Cache Service until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows DNS Server versions in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008 **Description** The issue arises from the DNS Resolver Cache Service not properly caching crafted DNS responses. This makes it easier for remote attackers to predict transaction IDs and poison caches by sending many crafted DNS queries that trigger unnecessary lookups. **Recommendations** For Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, consider restricting access to the DNS Resolver Cache Service until a patch is available. As a temporary workaround, avoid using the DNS Server for unnecessary lookups until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.