Pine Internet Security Advisory
Advisory ID : PINE-CERT-20020601
Authors : Joost Pol <firstname.lastname@example.org>
Issue date : 2002-06-25
Application : Multiple
Version(s) : Multiple
Platforms : FreeBSD, OpenBSD, NetBSD, maybe more.
Availability : http://www.pine.nl/advisories/pine-cert-20020601.txt
There is a remote buffer overflow in the resolver code of libc.
Exploitability will vary on application-specific issues.
There is a slight mistake in the resolver code of libc.
This will allow an attacker-controlled DNS server to reply with a carefully crafted message to (for example) a gethostbyname request.
This reply will trigger the buffer overflow
FreeBSD, NetBSD and OpenBSD CVS have been updated.