ISC BIND DNS stub resolver library (libresolv.a) stack buffer overflows
| bind-dns-libresolv-bo (10624) |  High Risk |
Description:
ISC BIND is vulnerable to several stack-based buffer overflows in the stub resolver library (libresolv.a), caused by improper bounds checking of responses for network name and address requests. By sending a malformed DNS response, a remote attacker in control of a malicious DNS server could overflow a buffer in the getnetbyname() or getnetbyaddr() function and cause the system to crash or execute arbitrary code on the system with the same privileges as the process that calls the affected function.
Note: This vulnerability could also affect other DNS resolver libraries that are based on BIND 4.
Consequences:
Gain Access
Remedy:
Upgrade to the latest version of BIND (9.2.2 or later), available from the Internet Software Consortium Web site. See References.
—OR—
Apply the patch for this vulnerability, available from the Internet Software Consortium Web site. Refer to the "LIBRESOLV: buffer overrun" section on the BIND Vulnerabilities page for more information. See References.
For HP-UX 10.10, 10.20, 11.00, 11.04, and 11.11:
Apply the appropriate patch for your system, as listed in Hewlett-Packard Company Security Bulletin HPSBUX0212-233. See References.
For Red Hat Linux:
Upgrade to the latest glibc package, as listed below. Refer to RHSA-2004:383-05 for more information. See References.
Red Hat Enterprise Linux AS (v. 2.1), ES (v. 2.1), WS (v. 2.1), and Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor: 2.2.4-32.17 or later
For SuSE Linux:
Apply the appropriate fixed packages via the SuSE FTP server or the YaST Online Update, as listed in SuSE Security Summary Report SUSE-SR:2004:002. See References.
For other distributions:
Contact your vendor for upgrade or patch information.
References:
- CERT Advisory CA-2002-31: Multiple Vulnerabilities in BIND.
- CIAC Information Bulletin 0-196: "glibc" Buffer Overflow Vulnerabilities.
- CIAC Information Bulletin N-013: ISC Remote Vulnerabilities in BIND4 and BIND8.
- Internet Software Consortium (ISC) Web site : Internet Software Consortium: BIND Vulnerabilities.
- National Infrastructure Protection Center Advisory 02-009: "Multiple Vulnerabilities in ISC BIND versions 4 and 8".
- NetBSD Security Advisory NetBSD-SA2002-028: Buffer overrun in getnetbyname/getnetbyaddr. (From Neohapsis archive.)
- SGI Security Advisory 20021201-01-P: Multiple Vulnerabilities in BIND Name Service Daemon.
- BID-6186: ISC BIND DNS Resolver Buffer Overflow Vulnerability
- BID-7249: Multiple HP Tru64 C Library Vulnerabilities
- CVE-2002-0029: Buffer overflows in the DNS stub resolver library in ISC BIND 4.9.2 through 4.9.10, and other derived libraries such as BSD libc and GNU glibc, allow remote attackers to execute arbitrary code via DNS server responses that trigger the overflow in the (1) getnetbyname, or (2) getnetbyaddr functions, aka LIBRESOLV: buffer overrun and a different vulnerability than CVE-2002-0684.
- DSA-196: bind -- several vulnerabilities
- OpenPKG-SA-2002.011: BIND
- RHSA-2004-383: glibc security update
- SUSE-SR:2004:002: SUSE Security Summary Report
- US-CERT VU#844360: Domain Name System (DNS) stub resolver libraries vulnerable to buffer overflows via network name or address lookups
Platforms Affected:
- Debian Debian Linux 2.2
- Debian Debian Linux 3.0
- HP HP-UX 10.10
- HP HP-UX 10.20
- HP HP-UX 11.00
- HP HP-UX 11.04
- HP HP-UX 11.11
- ISC BIND 4.9.10
- ISC BIND 4.9.2
- ISC BIND 4.9.3
- ISC BIND 4.9.4
- ISC BIND 4.9.5
- ISC BIND 4.9.6
- ISC BIND 4.9.7
- ISC BIND 4.9.8
- ISC BIND 4.9.9
- RedHat Enterprise Linux 2.1 AW
- RedHat Enterprise Linux 2.1 WS
- RedHat Enterprise Linux 2.1 ES
- RedHat Enterprise Linux 2.1 AS
- RedHat Linux Advanced Workstation 2.1 Itanium
- SuSE Linux Enterprise Server 8
- SUSE SuSE Linux 8.1
Reported:
Nov 12, 2002
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net