[plamo:14407] buffer overflow in the DNS resolver
- From: SAWAMI Hiroaki
- Date: Thu, 27 Jun 2002 17:47:31 +0900 (JST)
- Subject: [plamo:14407] buffer overflow in the DNS resolver
- From: SAWAMI Hiroaki <hiro-s@xxxxxxxxxxxxxx>
- Date: Thu, 27 Jun 2002 17:45:45 +0900 (JST)
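This is Sawami.
Following Apache and OpenSSH, an advisory about a buffer overflow in the
BSD DNS resolver is now circulating.
It is also being discussed on /.-J and elsewhere, but for now here is the one
that was posted to openbsd-announce. It seems glibc is affected as well.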
From: "Todd C. Miller" <Todd.Miller@courtesan.com>
Subject: buffer overflow in the DNS resolver
Date: Wed, 26 Jun 2002 16:20:14 -0600
Message-ID: <200206262220.g5QMKFsX032187@xerxes.courtesan.com>
> Description:
> A buffer overflow has been found in the BSD DNS resolver.
>
> Impact:
> It may be possible for an attacker with control over a DNS zone
> to cause a buffer overflow in applications doing standard DNS
> calls (gethostbyname(), gethostbyaddr(), etc).
>
> It is not known at this time whether or not such an overflow
> could be used to escalate privileges. We suggest users assume
> the worst and patch their systems.
>
> Credit:
> The bug was found and a fix proposed by Joost Pol.
> The patches used were written by Jun-ichiro "itojun" Hagino.
>
> The following patches are available:
>
> OpenBSD 3.1:
> ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.1/common/007_resolver.patch
>
> OpenBSD 3.0:
> ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/025_resolver.patch
>
> OpenBSD 2.9:
> ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/027_resolver.patch
>
> The OpenBSD 2.9 patch also applies cleanly to OpenBSD 2.8.
>
> The OpenBSD 3.1, 3.0 and 2.9 patch branches (aka OpenBSD-stable)
> also contain the patch.
--
SAWAMI Hiroaki (沢味 広明)
hiro-s@mars.dti.ne.jp
hiro@lunahouse.com
Plamo ML public archive system