Multiple vendor DNS resolver library read buffer overflow

dns-resolver-lib-read-bo (10295)

Low Risk

Description:

The Domain Name System (DNS) resolver library in BSD (libc), GNU/Linux (glibc), Internet Software Consortium's (ISC) BIND (libbind), and Sun Solaris (libresolv) are vulnerable to a denial of service attack, caused by a read buffer overflow in the resolver library. By sending a DNS packet of more than 1024 bytes to a vulnerable server, a remote attacker in control of a malicious DNS server could overflow a buffer and cause the application that made the call to the DNS resolver library to crash.

Consequences:

Denial of Service

Remedy:

For EnGarde Secure Linux Community Edition:
Upgrade to the latest version of glibc (2.1.3-1.0.6 or later), as listed in EnGarde Secure Linux Security Advisory ESA-20021003-021. See References.

For Conectiva Linux:
Upgrade to the latest glibc packages, as listed below. Refer to Conectiva Linux Security Announcement CLSA-2002:535 for more information. See References.

Conectiva 6.0: 2.1.3-26U60_4cl or later
Conectiva 7.0: 2.2.3-19U70_3cl or later
Conectiva 8.0: 2.2.4-12U80_3cl or later

For Red Hat Linux:
Upgrade to the latest glibc package, as listed below. Refer to RHSA-2002:197-09.See References.

Red Hat 6.2: 2.1.3-28 or later
Red Hat 7.0: 2.2.4-18.7.0.8 or later
Red Hat 7.1 and 7.2: 2.2.4-31 or later
Red Hat 7.3: 2.2.5-42 or later

For FreeBSD:
Upgrade to the latest version of FreeBSD (4.7-STABLE or later) or to the RELENG_4_7, RELENG_4_6 (4.6-RELEASE-p4), or RELENG_4_5 (4.5-RELEASE-p22) dated after 2002-10-23 security branch, as listed in FreeBSD Security Advisory FreeBSD-SA-02:42.resolv. See References.

—OR—

Apply the appropriate patch for your system, as listed in FreeBSD Security Advisory FreeBSD-SA-02:42.resolv. See References.

For HP-UX 10.10, 10.20, 10.24, 11.00, 11.04, 11.11, and 11.22:
Download and install the preliminary patches until a final patch is available, as listed in Hewlett-Packard Company Security Bulletin HPSBUX0208-209. See References.

For Mandrake Linux:
Upgrade to the latest glibc package, as listed below. Refer to MandrakeSoft Security Advisory MDKSA-2004:009 : glibc for more information. See References.

Mandrake Linux 9: 2.2.5-16.4.90mdk or later
Mandrake Linux Multi Network Firewall 8.2: 2.2.4-26.4.M82mdk or later
Mandrake Linux Corporate Server 2.1: 2.2.5-16.4.C21mdk or later

For other distributions:
Contact your vendor for upgrade or patch information or refer to CERT Vulnerability Note VU#738331. See References.

References:

• Conectiva Linux Announcement CLSA-2002:535: Fix for several vulnerabilities and daylight saving time for Brazil.
• EnGarde Secure Linux Security Advisory ESA-20021003-021: several security-related updates..
• FreeBSD Security Advisory FreeBSD-SA-02:42.resolv: buffer overrun in resolver.
• Full-Disclosure Mailing List, Tue Oct 08 2002 - 00:26:19 CDT: (another) buffer overrun in libc/libresolv DNS resolver. (From Full-Disclosure Mailing List archive)
• Internet Software Consortium Web site: BIND.
• CVE-2002-1146: The BIND 4 and BIND 8.2.x stub resolver libraries, and other libraries such as glibc 2.2.5 and earlier, libc, and libresolv, use the maximum buffer size instead of the actual size when processing a DNS response, which causes the stub resolvers to read past the actual boundary (read buffer overflow), allowing remote attackers to cause a denial of service (crash).
• MDKSA-2004:009: Updated glibc packages fix resolver vulnerabilities
• RHSA-2002-197: Updated glibc packages fix vulnerabilities in resolver
• RHSA-2003-022: glibc security update
• RHSA-2003-212: Updated glibc packages fix vulnerabilities
• US-CERT VU#738331: Domain Name System (DNS) resolver libraries vulnerable to read buffer overflow

Platforms Affected:

• Conectiva Linux 6.0
• Conectiva Linux 7.0
• Conectiva Linux 8.0
• Debian Debian Linux
• EngardeLinux Secure Linux
• FreeBSD FreeBSD 4.0
• FreeBSD FreeBSD 4.1
• FreeBSD FreeBSD 4.1.1
• FreeBSD FreeBSD 4.2
• FreeBSD FreeBSD 4.3
• FreeBSD FreeBSD 4.4
• FreeBSD FreeBSD 4.5
• FreeBSD FreeBSD 4.6
• FreeBSD FreeBSD 4.6.1
• FreeBSD FreeBSD 4.6.2
• GNU glibc 2.2.5
• Hitachi Hitachi GR2000 prior to 06-05-/E
• HP HP-UX 10.10
• HP HP-UX 10.20
• HP HP-UX 10.24
• HP HP-UX 11.00
• HP HP-UX 11.04
• HP HP-UX 11.11
• HP HP-UX 11.22
• IBM AIX 4.3.3
• IBM AIX 5.1
• ISC BIND 4
• ISC BIND 4.9
• ISC BIND 4.9.10
• ISC BIND 4.9.2
• ISC BIND 4.9.3
• ISC BIND 4.9.4
• ISC BIND 4.9.5
• ISC BIND 4.9.5 P1
• ISC BIND 4.9.6
• ISC BIND 4.9.7
• ISC BIND 4.9.8
• ISC BIND 4.9.9
• ISC BIND 8.2
• MandrakeSoft Mandrake Linux 9.0
• MandrakeSoft Mandrake Linux Corporate Server 2.1
• MandrakeSoft Mandrake Linux Corporate Server 2.1 X86_64
• MandrakeSoft Mandrake Multi Network Firewall 8.2
• NetBSD NetBSD
• RedHat Enterprise Linux 2.1 AS
• RedHat Linux 6.2
• RedHat Linux 7
• RedHat Linux 7.1
• RedHat Linux 7.1 for iSeries
• RedHat Linux 7.1 for pSeries
• RedHat Linux 7.2
• RedHat Linux 7.3
• RedHat Linux Advanced Workstation 2.1 Itanium
• Sun Solaris 2.6
• Sun Solaris 7.0
• Sun Solaris 8
• Sun Solaris 9
• SUSE SuSE Linux

Reported:

Oct 01, 2002

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page