[25954] in bugtraq

home help back first fref pref prev next nref lref last post

Remote buffer overflow in resolver code of libc

daemon@ATHENA.MIT.EDU (Mark Lastdrager)
Wed Jun 26 21:41:08 2002

Date: Wed, 26 Jun 2002 09:37:16 +0200
From: Mark Lastdrager <mark@pine.nl>
To: bugtraq@securityfocus.com
Cc: vulnwatch@vulnwatch.org, vuln-dev@securityfocus.com,
        editors@daemonnews.org
Message-ID: <20020626073716.GF25834@pine.nl>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="1UWUbFP1cBYEclgG"
Content-Disposition: inline

--1UWUbFP1cBYEclgG
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

Please find advisory attached.

Mark Lastdrager

--
Pine Internet BV ::  tel. +31-70-3111010 ::  fax. +31-70-3111011
PGP 0xFF0EA728 fpr 57D2 CD16 5908 A8F0 9F33 AAA3 AFA0 24EF FF0E A728
Today's excuse: Radial Telemetry Infiltration

--1UWUbFP1cBYEclgG
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="pine-cert-20020601.txt"

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 -----------------------------------------------------------------------------
 Pine Internet Security Advisory
 -----------------------------------------------------------------------------
 Advisory ID       : PINE-CERT-20020601 
 Authors           : Joost Pol <joost@pine.nl>
 Issue date        : 2002-06-25 
 Application       : Multiple
 Version(s)        : Multiple 
 Platforms         : FreeBSD, OpenBSD, NetBSD, maybe more. 
 Availability      : http://www.pine.nl/advisories/pine-cert-20020601.txt
 -----------------------------------------------------------------------------

Synopsis

	There is a remote buffer overflow in the resolver code of libc.

Impact

	Serious.

	Exploitability will vary on application-specific issues.

Description

	There is a slight mistake in the resolver code of libc.

	This will allow an attacker-controlled DNS server to reply
	with a carefully crafted message to (for example) a
	gethostbyname request.
	
	This reply will trigger the buffer overflow

Solution

	FreeBSD, NetBSD and OpenBSD CVS have been updated.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (SunOS)

iD8DBQE9GWfH0jbIKvNgu5MRAthDAKCBd18Ti5TH9Nts5LszRXfVJ+KXOwCfRDx0
rLNudIKentqTZeIXslcTi2c=
=xNWe
-----END PGP SIGNATURE-----

--1UWUbFP1cBYEclgG--
home help back first fref pref prev next nref lref last post