[ESA-20020724-018] Buffer overflow in BIND4-derived resolver code.

Mark_Andrews at isc.org
Wed Jul 31 00:00:01 UTC 2002


> 
> Steve Foster <fosters at uk.psi.com> wrote:
> 
> > At 15:25 30/07/02 GMT, phn at icke-reklam.ipsec.nu wrote:
> 
> >>Yes, your resolver code is vulnerable.
> >>
> >>This is not a nameserver problem per se, but is located in the
> >>resolver ( part of libc ) + all your statically linked binaries
> >>that have resolver code within.
> >>
> >>The proper upgrade is from sun.
> 
> > Hi,
> 
> > does anybody have a link to a specific patch from Sun, as their security
> > bulletins seem out of date, and don't have resolver patches listed.
> 
> > we have upgraded all of our customer and internal resolvers to bind9, but i
> 
> 
> "we upgraded .. resolvers to bind9" ?? 
> 
> I don't follow you. Have you replaced the resolver routines in libc
> with the ones supplied in bind-9.2.1 /lib/bind ?  I'm not sure if that
> one is fixed ( Jim /Mark could you comment about that ?)

	Doesn't anyone read the security pages at ISC anymore?
	http://www.isc.org/products/BIND/bind-security.html

	It is *NOT* fixed.

	Mark
> 
> 
> > would also like to apply the updated patches to all of our servers as well.
> .
> 
> 
> 
> -- 
> Peter Håkanson         
>         IPSec  Sverige      ( At Gothenburg Riverside )
>            Sorry about my e-mail address, but i'm trying to keep spam out,
> 	   remove "icke-reklam" if you feel for mailing me. Thanx.
> 
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at isc.org


More information about the bind-users mailing list