[ESA-20020724-018] Buffer overflow in BIND4-derived resolver code.
phn at icke-reklam.ipsec.nu
phn at icke-reklam.ipsec.nu
Tue Jul 30 21:14:34 UTC 2002
Steve Foster <fosters at uk.psi.com> wrote:
> At 15:25 30/07/02 GMT, phn at icke-reklam.ipsec.nu wrote:
>>Yes, your resolver code is vulnerable.
>>
>>This is not a nameserver problem per se, but is located in the
>>resolver ( part of libc ) + all your statically linked binaries
>>that has resolver code within.
>>
>>The proper upgrade is from sun.
> Hi,
> does anybody have a link to a specific patch from Sun, as their security
> bulletins seem out of date, and don't have resolver patches listed.
> we have upgraded all of our customer and internal resolvers to bind9, but i
"we upgraded .. resolvers to bind9" ??
I don't follow you. Have you replaced the resolver routines in libc
with the ones supplied in bind-9.2.1 /lib/bind ? I'm not shure if that
one is fixed ( Jim /Mark could you comment about that ?)
> would also like to apply the updated patches to all of our servers as well..
--
Peter Håkanson
IPSec Sverige ( At Gothenburg Riverside )
Sorry about my e-mail address, but i'm trying to keep spam out,
remove "icke-reklam" if you feel for mailing me. Thanx.
More information about the bind-users
mailing list