Re: Buffer overflow and DoS in BIND

From: Steven M. Christey (coley@LINUS.MITRE.ORG)
Date: 07/11/02


Date:         Thu, 11 Jul 2002 03:04:40 -0400
From: "Steven M. Christey" <coley@LINUS.MITRE.ORG>
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

It is important to note that this issue applies to more than BIND.

As described in the CERT advisory, this can also affect network
applications that use C libraries like libc and glibc, or derived
code.

As I read it, it may also affect client programs, as implied by CERT:
"[There is a] buffer overflow vulnerability in the way the resolver
handles DNS responses... any DNS resolver implementation that derives
code from either of these libraries may also be vulnerable. Network
applications that makes [sic] use of vulnerable resolver libraries are
likely to be affected, therefore this problem is not limited to DNS or
BIND servers." The problem ultimately stems from a single codebase.

- Steve