SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   libc Vendors:   FreeBSD, NetBSD, OpenBSD
Libc Buffer Overflow in gethostnamadr() and getnetnamadr() Functions May Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1004635
SecurityTracker URL:  http://securitytracker.com/id/1004635
CVE Reference:   CVE-2002-0684   (Links to External Site)
Updated:  Nov 16 2003
Original Entry Date:  Jun 26 2002
Impact:   Execution of arbitrary code via network, Root access via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   A buffer overflow vulnerability was reported in 'libc'. A remote user with control over a DNS server could cause arbitrary code to be executed on the system when the system resolves an address.

Pine Internet released a security advisory for 'libc' warning of a buffer overflow in the resolver code of libc.

A remote user with control over a DNS server can send a specially crafted reply to the target host when the target host makes a certain DNS query.

The flaw appears to reside in the gethostnamadr() and getnetnamadr() functions.

Impact:   A remote user could cause arbitrary code to be run on the system in certain situations. The privileges that the code would run with depend on the privileges of the calling routine that uses the affected libc components.
Solution:   The FreeBSD, NetBSD and OpenBSD CVS source has been updated. Additional alerts will likely be issued for vendor-specific distributions of libc. Check with your vendor for the fix or view the Message History to see if your vendor has issued an alert.
Cause:   Boundary error
Underlying OS:  Linux (Any), UNIX (Any)
Underlying OS Comments:  BSD-based systems are affected; However, this may also affect other UNIX and Linux based systems

Message History:   This archive entry has one or more follow-up message(s) listed below.
(FreeBSD Issues Fix) Libc Buffer Overflow in gethostnamadr() and getnetnamadr() Functions May Let Remote Users Execute Arbitrary Code
The vendor has released a fix for FreeBSD.
(NetBSD Issues Fix) Re: Libc Buffer Overflow in gethostnamadr() and getnetnamadr() Functions May Let Remote Users Execute Arbitrary Code
NetBSD has issued a fix.
(IBM Issues Fix for AIX) Libc Buffer Overflow in gethostnamadr() and getnetnamadr() Functions May Let Remote Users Execute Arbitrary Code
IBM has released a fix for AIX.
(Mandrake Issues Fix for BIND) Libc Buffer Overflow in gethostnamadr() and getnetnamadr() Functions May Let Remote Users Execute Arbitrary Code
Mandrake has released a fix for BIND.
(EnGarde Issues Fix for BIND) Libc Buffer Overflow in gethostnamadr() and getnetnamadr() Functions May Let Remote Users Execute Arbitrary Code
EnGarde has released a fix for BIND on EnGarde Secure Linux.
(Red Hat Issues Fix for Glibc) Re: Libc Buffer Overflow in gethostnamadr() and getnetnamadr() Functions May Let Remote Users Execute Arbitrary Code
Red Hat has released a fix for glibc.
(Caldera Issues Fix for OpenLinux) Libc Buffer Overflow in gethostnamadr() and getnetnamadr() Functions May Let Remote Users Execute Arbitrary Code
Caldera has released a fix for OpenLinux.
(Red Hat Issues Fix for Bind) Re: Libc Buffer Overflow in gethostnamadr() and getnetnamadr() Functions May Let Remote Users Execute Arbitrary Code
Red Hat issues fix for Bind.
(HP Issues Fix for BIND) Libc Buffer Overflow in gethostnamadr() and getnetnamadr() Functions May Let Remote Users Execute Arbitrary Code
HP has released a temporary fix for their BINDv920.INETSVCS-BIND DNS resolver library.
(Mandrake Issues Fix) Libc Buffer Overflow in gethostnamadr() and getnetnamadr() Functions May Let Remote Users Execute Arbitrary Code
Mandrake has released a fix.
(Trustix Issues Fix for Glibc) Libc Buffer Overflow in gethostnamadr() and getnetnamadr() Functions May Let Remote Users Execute Arbitrary Code
Trustix has released a fix for glibc.
(Caldera Issues DNS Resolver Fix for UnixWare) Libc Buffer Overflow in gethostnamadr() and getnetnamadr() Functions May Let Remote Users Execute Arbitrary Code
Caldera has released a DNS resolver fix for (SCO) UnixWare.



 Source Message Contents

Subject:  [VulnWatch] Remote buffer overflow in resolver code of libc


--1UWUbFP1cBYEclgG
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

Please find advisory attached.

Mark Lastdrager

--
Pine Internet BV ::  tel. +31-70-3111010 ::  fax. +31-70-3111011
PGP 0xFF0EA728 fpr 57D2 CD16 5908 A8F0 9F33 AAA3 AFA0 24EF FF0E A728
Today's excuse: Radial Telemetry Infiltration

--1UWUbFP1cBYEclgG
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="pine-cert-20020601.txt"

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 -----------------------------------------------------------------------------
 Pine Internet Security Advisory
 -----------------------------------------------------------------------------
 Advisory ID       : PINE-CERT-20020601 
 Authors           : Joost Pol <joost@pine.nl>
 Issue date        : 2002-06-25 
 Application       : Multiple
 Version(s)        : Multiple 
 Platforms         : FreeBSD, OpenBSD, NetBSD, maybe more. 
 Availability      : http://www.pine.nl/advisories/pine-cert-20020601.txt
 -----------------------------------------------------------------------------

Synopsis

	There is a remote buffer overflow in the resolver code of libc.

Impact

	Serious.

	Exploitability will vary on application-specific issues.

Description

	There is a slight mistake in the resolver code of libc.

	This will allow an attacker-controlled DNS server to reply
	with a carefully crafted message to (for example) a
	gethostbyname request.
	
	This reply will trigger the buffer overflow

Solution

	FreeBSD, NetBSD and OpenBSD CVS have been updated.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (SunOS)

iD8DBQE9GWfH0jbIKvNgu5MRAthDAKCBd18Ti5TH9Nts5LszRXfVJ+KXOwCfRDx0
rLNudIKentqTZeIXslcTi2c=
=xNWe
-----END PGP SIGNATURE-----

--1UWUbFP1cBYEclgG--


 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2022, SecurityGlobal.net LLC