Re: bsd libc dns resolving code vulnerable?

From: Jacques A. Vidrine (
Date: 06/26/02

Date: Wed, 26 Jun 2002 11:07:06 -0500
From: "Jacques A. Vidrine" <>
To: Alain Thivillon <>

On Wed, Jun 26, 2002 at 05:39:54PM +0200, Alain Thivillon wrote:

To be clear, we're not certain that it /is/ exploitable. However,
the only safe thing to do is assume that it is.

> Do you know if using a local caching name server will prevent
> exploitation ?

I'm afraid I don't know. It depends upon whether the name server
rejects or cleans responses. And it would have to be local, as
in localhost.


Jacques A. Vidrine <>       
NTT/Verio SME          .     FreeBSD UNIX     .       Heimdal Kerberos     .  .
To Unsubscribe: send mail to
with "unsubscribe freebsd-security" in the body of the message