Re: Buffer overflow and DoS i BIND
From: Steven M. Christey (coley@LINUS.MITRE.ORG)
- Maybe in reply to: Jørgensen, Bjørn Anders: "Buffer overflow and DoS i BIND"
Date: Thu, 11 Jul 2002 03:04:40 -0400
From: "Steven M. Christey" <coley@LINUS.MITRE.ORG>
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

It is important to note that this issue applies to more than BIND.
As described in the CERT advisory, this can also affect network
applications that use C libraries like libc and glibc, or derived
As I read it, it may also affect client programs, as implied by CERT:
"[There is a] buffer overflow vulnerability in the way the resolver
handles DNS responses... any DNS resolver implementation that derives
code from either of these libraries may also be vulnerable. Network
applications that makes [sic] use of vulnerable resolver libraries are
likely to be affected, therefore this problem is not limited to DNS or
BIND servers." The problem ultimately stems from a single codebase.