Multiple vendor DNS resolver library read buffer overflow
| dns-resolver-lib-read-bo (10295) |  Low Risk |
Description:
The Domain Name System (DNS) resolver library in BSD (libc), GNU/Linux (glibc), Internet Software Consortium's (ISC) BIND (libbind), and Sun Solaris (libresolv) are vulnerable to a denial of service attack, caused by a read buffer overflow in the resolver library. By sending a DNS packet of more than 1024 bytes to a vulnerable server, a remote attacker in control of a malicious DNS server could overflow a buffer and cause the application that made the call to the DNS resolver library to crash.
Platforms Affected:
- Conectiva, Linux 6.0
- Conectiva, Linux 7.0
- Conectiva, Linux 8.0
- Debian, Debian Linux
- EngardeLinux, Secure Linux
- FreeBSD, FreeBSD 4.0
- FreeBSD, FreeBSD 4.1
- FreeBSD, FreeBSD 4.1.1
- FreeBSD, FreeBSD 4.2
- FreeBSD, FreeBSD 4.3
- FreeBSD, FreeBSD 4.4
- FreeBSD, FreeBSD 4.5
- FreeBSD, FreeBSD 4.6
- FreeBSD, FreeBSD 4.6.1
- FreeBSD, FreeBSD 4.6.2
- GNU, glibc 2.2.5
- Hitachi, Hitachi GR2000 prior to 06-05-/E
- HP, HP-UX 10.10
- HP, HP-UX 10.20
- HP, HP-UX 10.24
- HP, HP-UX 11.00
- HP, HP-UX 11.04
- HP, HP-UX 11.11
- HP, HP-UX 11.22
- IBM, AIX 4.3.3
- IBM, AIX 5.1
- ISC, BIND 4
- ISC, BIND 4.9
- ISC, BIND 4.9.10
- ISC, BIND 4.9.2
- ISC, BIND 4.9.3
- ISC, BIND 4.9.4
- ISC, BIND 4.9.5
- ISC, BIND 4.9.5 P1
- ISC, BIND 4.9.6
- ISC, BIND 4.9.7
- ISC, BIND 4.9.8
- ISC, BIND 4.9.9
- ISC, BIND 8.2
- MandrakeSoft, Mandrake Linux 9.0
- MandrakeSoft, Mandrake Linux Corporate Server 2.1 X86_64
- MandrakeSoft, Mandrake Linux Corporate Server 2.1
- MandrakeSoft, Mandrake Multi Network Firewall 8.2
- NetBSD, NetBSD
- RedHat, Enterprise Linux 2.1 AS
- RedHat, Linux 6.2
- RedHat, Linux 7
- RedHat, Linux 7.1
- RedHat, Linux 7.1 for iSeries
- RedHat, Linux 7.1 for pSeries
- RedHat, Linux 7.2
- RedHat, Linux 7.3
- RedHat, Linux Advanced Workstation 2.1 Itanium
- Sun, Solaris 2.6
- Sun, Solaris 7.0
- Sun, Solaris 8
- Sun, Solaris 9
- SuSE, SuSE Linux
Remedy:
For EnGarde Secure Linux Community Edition:
Upgrade to the latest version of glibc (2.1.3-1.0.6 or later), as listed in EnGarde Secure Linux Security Advisory ESA-20021003-021. See References.
For Conectiva Linux:
Upgrade to the latest glibc packages, as listed below. Refer to Conectiva Linux Security Announcement CLSA-2002:535 for more information. See References.
Conectiva 6.0: 2.1.3-26U60_4cl or later
Conectiva 7.0: 2.2.3-19U70_3cl or later
Conectiva 8.0: 2.2.4-12U80_3cl or later
For Red Hat Linux:
Upgrade to the latest glibc package, as listed below. Refer to RHSA-2002:197-09.See References.
Red Hat 6.2: 2.1.3-28 or later
Red Hat 7.0: 2.2.4-18.7.0.8 or later
Red Hat 7.1 and 7.2: 2.2.4-31 or later
Red Hat 7.3: 2.2.5-42 or later
For FreeBSD:
Upgrade to the latest version of FreeBSD (4.7-STABLE or later) or to the RELENG_4_7,
RELENG_4_6 (4.6-RELEASE-p4), or RELENG_4_5 (4.5-RELEASE-p22) dated after 2002-10-23 security branch, as listed in FreeBSD Security Advisory FreeBSD-SA-02:42.resolv. See References.
—OR—
Apply the appropriate patch for your system, as listed in FreeBSD Security Advisory FreeBSD-SA-02:42.resolv. See References.
For HP-UX 10.10, 10.20, 10.24, 11.00, 11.04, 11.11, and 11.22:
Download and install the preliminary patches until a final patch is available, as listed in Hewlett-Packard Company Security Bulletin HPSBUX0208-209. See References.
For Mandrake Linux:
Upgrade to the latest glibc package, as listed below. Refer to MandrakeSoft Security Advisory MDKSA-2004:009 : glibc for more information. See References.
Mandrake Linux 9: 2.2.5-16.4.90mdk or later
Mandrake Linux Multi Network Firewall 8.2: 2.2.4-26.4.M82mdk or later
Mandrake Linux Corporate Server 2.1: 2.2.5-16.4.C21mdk or later
For other distributions:
Contact your vendor for upgrade or patch information or refer to CERT Vulnerability Note VU#738331. See References.
Consequences:
Denial of Service
References:
- Conectiva Linux Announcement CLSA-2002:535, Fix for several vulnerabilities and daylight saving time for Brazil at http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000535.
- EnGarde Secure Linux Security Advisory ESA-20021003-021, several security-related updates. at http://www.linuxsecurity.com/content/view/104167/109/.
- FreeBSD Security Advisory FreeBSD-SA-02:42.resolv, buffer overrun in resolver at ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:42.resolv.asc.
- Full-Disclosure Mailing List, Tue Oct 08 2002 - 00:26:19 CDT, (another) buffer overrun in libc/libresolv DNS resolver at http://archives.neohapsis.com/archives/fulldisclosure/2002-q4/0106.html. (From Full-Disclosure Mailing List archive)
- Internet Software Consortium Web site, BIND at http://www.isc.org/products/BIND/.
- CVE-2002-1146: The BIND 4 and BIND 8.2.x stub resolver libraries, and other libraries such as glibc 2.2.5 and earlier, libc, and libresolv, use the maximum buffer size instead of the actual size when processing a DNS response, which causes the stub resolvers to read past the actual boundary (read buffer overflow), allowing remote attackers to cause a denial of service (crash).
- MDKSA-2004:009: Updated glibc packages fix resolver vulnerabilities
- RHSA-2002-197: Updated glibc packages fix vulnerabilities in resolver
- RHSA-2003-022: glibc security update
- RHSA-2003-212: Updated glibc packages fix vulnerabilities
- US-CERT VU#738331: Domain Name System (DNS) resolver libraries vulnerable to read buffer overflow
Reported:
Oct 01, 2002
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.
For corrections or additions please email xforce@iss.net