Risks
Vulnerabilities
Browse by
Remote Buffer Overflow in Resolver Code of libc
27 June 2002
Bookmark and Share
From: Mark Lastdrager <mark@pine.nl>

Pine Internet Security Advisory

Advisory ID : PINE-CERT-20020601
Authors : Joost Pol <joost@pine.nl>
Issue date : 2002-06-25
Application : Multiple
Version(s) : Multiple
Platforms : FreeBSD, OpenBSD, NetBSD, maybe more.
Availability : http://www.pine.nl/advisories/pine-cert-20020601.txt

Synopsis

There is a remote buffer overflow in the resolver code of libc.

Impact

Serious.

Exploitability will vary on application-specific issues.

Description

There is a slight mistake in the resolver code of libc.

This will allow an attacker-controlled DNS server to reply with a carefully crafted message to (for example) a gethostbyname request.

This reply will trigger the buffer overflow

Solution

FreeBSD, NetBSD and OpenBSD CVS have been updated.


Spotlight

Free security software identifies cloud vulnerabilities

Posted on 21 October 2104.  |  Designed for IT and security professionals, the service gives a view of the data exchanged with partner and cloud applications beyond the network firewall. Completely passive, it runs on non-production systems, and does not require firewall changes.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Tue, Oct 21st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //