[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[linux-security] buffer overflow in resolver library functions
- To: linux-security
- Subject: [linux-security] buffer overflow in resolver library functions
- From: Martin Siegert <siegert@sfu.ca>
- Date: Thu, 25 Jul 2002 20:02:09 -0700
- User-Agent: Mutt/1.4i
Topic
=====
buffer overflow in DNS resolver libraries functions.
Probelm Description
===================
A buffer overflow vulnerability has been found in the way some resolver
library functions handle the resolution of network names and addresses
via DNS (as per Internet RFC 1011). These resolver functions included
in the GNU libc library and the libbind library distributed with the
bind packages.
The bug itself is a buffer overflow that can be exploited if an attacker
sets up a malicious DNS server that sends multiple CNAME records in a
DNS response. This could lead to the execution of aribitrary code.
A system is vulnerable only to this issue, if the "networks" database
in /etc/nsswitch.conf includes the "dns" entry.
Affected Systems
================
glibc versions 2.2.5 and earlier
versions of libbind from all bind 4 versions from 4.8.3 prior to 4.9.9
all bind 8 versions prior to 8.2.6
all bind 8 versions from 8.3.x prior to 8.3.3
bind 9.2.0 and 9.2.1
Workaround
==========
remove "dns" from the "networks" line in /etc/nsswitch.conf, i.e., set
networks: files
in /etc/nsswitch.conf. For most distributions this is the default anyway.
Thus you are unlikely to be vulnerable to this issue.
Solution
========
upgrade glibc to a patched version
upgrade the package that contains libbind to either version 4.9.9,
8.2.6, or 8.3.3 (there is no updated version for bind 9 yet. However,
bind 9 uses a copy of the bind 8.3.x resolver library. Thus, the
resolver library (lib/bind) from bind-8.3.3 can be used to patch bind 9
versions).
RedHat 6.x
----------
rpm -Fvh glibc-2.1.3-24.i386.rpm \
glibc-devel-2.1.3-24.i386.rpm \
glibc-profile-2.1.3-24.i386.rpm \
nscd-2.1.3-24.i386.rpm
RedHat 7.0
----------
rpm -Fvh glibc-2.2.4-18.7.0.4.<arch>.rpm \
glibc-common-2.2.4-18.7.0.4.i386.rpm \
glibc-devel-2.2.4-18.7.0.4.i386.rpm \
glibc-profile-2.2.4-18.7.0.4.i386.rpm \
nscd-2.2.4-18.7.0.4.i386.rpm
where <arch> is either i386 or i686.
RedHat 7.1, 7.2
---------------
rpm -Fvh glibc-2.2.4-27.<arch>.rpm \
glibc-common-2.2.4-27.i386.rpm \
glibc-devel-2.2.4-27.i386.rpm \
glibc-profile-2.2.4-27.i386.rpm \
nscd-2.2.4-27.i386.rpm
where <arch> is either i386 or i686.
RedHat 7.3
----------
rpm -Fvh glibc-2.2.5-37.<arch>.rpm \
glibc-common-2.2.5-37.i386.rpm \
glibc-debug-2.2.5-37.<arch>.rpm \
glibc-debug-static-2.2.5-37.i386.rpm \
glibc-devel-2.2.5-37.i386.rpm \
glibc-profile-2.2.5-37.i386.rpm \
glibc-utils-2.2.5-37.i386.rpm \
nscd-2.2.5-37.i386.rpm
where <arch> is either i386 or i686.
SuSE-8.0
--------
rpm -Fvh bind8-8.2.4-201.i386.rpm \
bind8-devel-8.2.4-201.i386.rpm \
bindutil-8.2.4-201.i386.rpm \
glibc-2.2.5-105.i386.rpm \
glibc-locale-2.2.5-105.i386.rpm \
glibc-devel-2.2.5-105.i386.rpm \
glibc-html-2.2.5-105.i386.rpm \
glibc-info-2.2.5-105.i386.rpm \
glibc-i18ndata-2.2.5-105.i386.rpm \
glibc-profile-2.2.5-105.i386.rpm
SuSE-7.3
--------
rpm -Fvh bind8-8.2.4-201.i386.rpm \
bind8-devel-8.2.4-201.i386.rpm \
bindutil-8.2.4-201.i386.rpm \
glibc-2.2.4-74.i386.rpm \
glibc-devel-2.2.4-74.i386.rpm \
glibc-html-2.2.4-74.i386.rpm \
glibc-info-2.2.4-74.i386.rpm \
glibc-i18ndata-2.2.4-74.i386.rpm \
glibc-profile-2.2.4-74.i386.rpm
SuSE-7.2
--------
rpm -Fvh bind8-8.2.3-184.i386.rpm \
bind8-devel-8.2.3-184.i386.rpm \
bindutil-8.2.3-184.i386.rpm \
glibc-2.2.2-63.i386.rpm \
glibc-devel-2.2.2-63.i386.rpm \
glibc-html-2.2.2-63.i386.rpm \
glibc-info-2.2.2-63.i386.rpm \
glibc-i18ndata-2.2.2-63.i386.rpm \
glibc-profile-2.2.2-63.i386.rpm
SuSE-7.1
--------
rpm -Fvh bind8-8.2.3-183.i386.rpm \
bind8-devel-8.2.3-183.i386.rpm \
bindutil-8.2.3-183.i386.rpm
SuSE-7.0
--------
rpm -Fvh bind8-8.2.3-183.i386.rpm \
bindutil-8.2.3-183.i386.rpm
Mandrake 7.1, 7.2
-----------------
rpm -Fvh bind-8.3.3-1.1mdk.i586.rpm \
bind-devel-8.3.3-1.1mdk.i586.rpm \
bind-utils-8.3.3-1.1mdk.i586.rpm