Multiple vendors' Domain Name System (DNS) stub resolvers vulnerable to buffer overflow via network name and address lookups

2002-08-01T00:00:00
ID VU:542971
Type cert
Reporter CERT
Modified 2002-08-28T01:57:00

Description

Overview

Buffer overflow vulnerabilities exists in the DNS stub resolver library used by BSD, ISC BIND, and GNU glibc. Other systems that use DNS resolver code derived from ISC BIND may also be affected. An attacker who is able to control DNS responses could exploit arbitrary code or cause a denial of service on vulnerable systems.

Description

The Domain Name System (DNS) provides name, address, and other information about Internet Protocol (IP) networks and devices. By issuing queries to and interpreting responses from DNS servers, IP-enabled network operating systems can access DNS information. When an IP network application needs to access or process DNS information, it calls functions in the stub resolver library, which may be part of the underlying network operating system. On BSD-based systems, DNS stub resolver functions are implemented in the system library libc. In ISC BIND, they are implemented in libbind. On GNU/Linux-based systems, they are implemented in glibc. The DNS resolver libraries on BSD-based systems (libc), ISC BIND (libbind), GNU/Linux (glibc), and possibly other systems that use code derived from ISC BIND contain buffer overflow vulnerabilities in the way the resolver handles DNS responses.

This document specifically addresses a buffer overflow that can ocur when stub resolvers process DNS responses for network name and address resolution.

The stub resolver implementation in ISC BIND 4 (4.8 to 4.9.8 at least) is vulnerable to buffer overflows via DNS responses for both network and host name and address resolution. The BSD and GNU/Linux stub resolvers are derived from the BIND 4 code, therefore they are also vulnerable via both sets of responses.

* In October 1999, GNU/Linux glibc was patched against the buffer overflow that can occur during the processing of responses for **host** name and address resolution. glibc versions 2.1.3 and later are not vulnerable to this problem.
* In June 2002, ISC BIND and {Free,Net,Open}BSD patched their stub resolver libraries against both problems. At this time, it was discovered that glibc was still vulnerable to a buffer overflow via responses for **network** name and address resolution. Unpatched versions of GNU glibc 2.2.5 and earlier are vulnerable to this problem.

The Systems Affected section of this document only applies to products that use the GNU/Linux stub resolver implementation in glibc. See CERT Advisory CA-2002-19 and VU#803539 for more complete vendor information.

Note that any application that uses a vulnerable resolver library is likely to be affected. Applications that are statically linked must be recompiled using patched resolver libraries.

Impact

An attacker who is able to control DNS responses could exploit arbitrary code or cause a denial of service on vulnerable systems. The attacker would need to be able to spoof DNS responses or control a DNS server that provides responses to a vulnerable system. Any code executed by the attacker would run with the privileges of the process that called the vulnerable resolver function, potentially root.


Solution

Apply a Patch

Apply a patch from your vendor. In the case of statically linked binaries, it is necessary to recompile using the patched version of the DNS stub resolver libraries.

Upgrade

Upgrade your system as specified by your vendor.


Use of a local caching DNS server is not an effective workaround

When this document was initially published, it was thought that a caching DNS server that reconstructs DNS responses would prevent malicious code from reaching systems with vulnerable resolver libraries. This workaround does not prevent some DNS responses that contain malicious code from reaching clients, whether or not the responses are reconstructed by a local caching DNS server. Since the server may cache the responses, the malicious code could persist until the server's cache is purged or the entries expire.

Disable Reverse DNS Lookups

Disable the reverse DNS lookup functions in applications that perform DNS name lookups from IP addresses. For example, some HTTP and FTP servers perform reverse DNS lookups to convert IP addresses to hostnames in logs. Disabling reverse DNS lookups will only protect against specific exploit attempts that rely on the reverse lookup as an attack vector.

Configure Name Service Switch (glibc only)

On GNU/Linux systems using glibc, configure the Name Service Switch function of glibc not to use DNS to resolve network names and addresses. Modify the Name Service Switch configuration file /etc/nsswitch.conf so that the "networks:" line does not contain the term "dns".

# This "networks:" line omits "dns" to work around a bug in glibc 2.2.5 and earlier.
networks: files nisplus

Note that this will prevent resolution of network names and addresses via DNS, which will likely cause resolution of non-local networks to fail.


Vendor Information

542971

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

Caldera __ Affected

Notified: July 08, 2002 Updated: August 13, 2002

Status

Affected

Vendor Statement

Please see Caldera Security Advisory CSSA-2002-034.1 (OpenLinux).

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Conectiva __ Affected

Updated: August 14, 2002

Status

Affected

Vendor Statement

Conectiva Linux supported versions (6.0, 7.0 and 8) are not vulnerable to VU#803539 regarding glibc packages. Regarding VU#542971, these same versions of Conectiva Linux are vulnerable but not in the default installation, since /etc/nsswitch.conf ships without the dns parameter in the "networks:" line.

Updated glibc packages which fix the second vulnerability, VU#542971, will be provided.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please see Conectiva Linux Announcement CLSA-2002:507 (english).

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Debian __ Affected

Notified: July 08, 2002 Updated: August 14, 2002

Status

Affected

Vendor Statement

Debian is vulnerable to the second vulnerability [VU#542971]:

  Debian 2.2 aka potato aka stable: glibc 2.1.3 does not contain the included patch  Debian         woody aka testing: glibc 2.2.5 does not contain the included patch  Debian         sid  aka unstable: glibc 2.2.5 does not contain the included patch

We are working towards an updated library.

We are not vulnerable to the first vulnerability [VU#803539] as published in the CERT Advisory CA-2002-19, though.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

GNU glibc __ Affected

Notified: June 28, 2002 Updated: August 01, 2002

Status

Affected

Vendor Statement

For resolving host names and addresses via DNS, Version 2.1.2 and earlier versions of the GNU C Library are vulnerable. Later versions are not vulnerable.

For the less commonly used action of resolving network names and addresses via DNS as per Internet RFC 1011, Version 2.2.5 and earlier versions are vulnerable.

To work around the problems, modify the file /etc/nsswitch.conf so that it contains "hosts:" and "networks:" lines that do not mention "dns". For example, you might use the following lines in your /etc/nsswitch.conf file:

`# This "networks:" line omits "dns" to work around a bug in glibc

2.2.5 and earlier.

networks: files nisplus`

`# This "hosts:" line omits "dns" to work around a bug in glibc 2.1.2

and earlier.

hosts: nisplus [NOTFOUND=return] files[CERT/CC: This workaround will break network and host resolution that is not provided through some other means, such as database files (/etc/hosts,/etc/networks) or NIS. In most cases, resolution for non-local networks and hosts will be disabled.] Most GNU/Linux distributions with glibc 2.1.3 and later ship with a line like "networks: files" in/etc/nsswitch.conf` and thus unless this line is changed they are not vulnerable.

To fix the problem instead of working around it, we suggest upgrading to Version 2.1.3 or later, and applying the following patch, taking care to relink any statically linked applications that use the affected functions. This patch can also be found at:

<http://sources.redhat.com/cgi-bin/cvsweb.cgi/libc/resolv/nss_dns/dns-network.c.diff?r1=1.10&r2=1.10.2.1&cvsroot=glibc>
=================================================================== RCS file: /cvs/glibc/libc/resolv/nss_dns/dns-network.c,v retrieving revision 1.10 retrieving revision 1.10.2.1 diff -u -r1.10 -r1.10.2.1 --- libc/resolv/nss_dns/dns-network.c2001/07/06 04:55:391.10 +++ libc/resolv/nss_dns/dns-network.c2002/07/02 09:38:291.10.2.1 @@ -328,7 +328,9 @@ } cp += n; *alias_pointer++ = bp; - bp += strlen (bp) + 1; + n = strlen (bp) + 1; + bp += n; + linebuflen -= n; result-&gt;n_addrtype = class == C_IN ? AF_INET : AF_UNSPEC; ++have_answer; }

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

One aspect of this vulnerability that involves host name and address lookups was addressed in glibc version 2.1.3 in October 1999:

[<ftp://ftp.gnu.org/gnu/glibc/glibc-2.1.2-2.1.3.diff.gz>]

+1999-10-25 Ulrich Drepper &lt;drepper@cygnus.com&gt;
+
+ * resolv/gethnamaddr.c: Account bytes needed for alignment in
+ buflen. Patch by Olaf Kirch &lt;okir@lst.de&gt;.

&lt;elided&gt;

@@ -424,6 +424,10 @@ getanswer(answer, anslen, qname, qtype)
buflen -= nn;
}

+ /* XXX: when incrementing bp, we have to decrement
+ * buflen by the same amount --okir */
+ buflen -= sizeof(align) - ((u_long)bp % sizeof(align));
+
bp += sizeof(align) - ((u_long)bp % sizeof(align));

if (bp + n &gt;= &hostbuf[sizeof hostbuf]) {
A second problem, a buffer overflow handling DNS answers for network names and addresses (VU#542971), affects current versions of glibc (2.2.5 and previous).

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Guardian Digital __ Affected

Notified: July 08, 2002 Updated: August 01, 2002

Status

Affected

Vendor Statement

Please see EnGarde Secure Linux Security Advisory ESA-20020724-018.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Hewlett-Packard Company __ Affected

Notified: July 08, 2002 Updated: August 01, 2002

Status

Affected

Vendor Statement

Please see Hewlett-Packard Company Security Bulletin HPSBTL0207-053.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

MandrakeSoft __ Affected

Notified: July 08, 2002 Updated: August 14, 2002

Status

Affected

Vendor Statement

Please see MandrakeSoft Security Advisory MDKSA-2002:050.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Openwall __ Affected

Updated: August 14, 2002

Status

Affected

Vendor Statement

No release or branch of Openwall GNU/*/Linux (Owl) is affected in default configuration as the "dns" NSS module isn't enabled for network lookups in our default /etc/nsswitch.conf file.

The defect in "dns" module has been corrected in Owl-current on 2002/07/04 and that fix is included in the snapshot from 2002/07/07.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Red Hat Inc. __ Affected

Notified: July 08, 2002 Updated: August 01, 2002

Status

Affected

Vendor Statement

Please see Red Hat Security Advisory RHSA-2002:139-10.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Slackware __ Affected

Updated: August 13, 2002

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Slackware changelogs reflect patches to glibc libraries:

<ftp://ftp.slackware.com/pub/slackware/slackware-current/ChangeLog.txt>

<ftp://ftp.slackware.com/pub/slackware/slackware-8.1/ChangeLog.txt>

Tue Jul 30 19:45:52 PDT 2002
...
(* Security fix *)
patches/packages/glibc-2.2.5-i386-3.tgz: Patched to fix a buffer overflow
in glibc's DNS resolver functions that look up network addresses.
Another workaround for this problem is to edit /etc/nsswtich.conf changing:
networks: files dns
to:
networks: files
(* Security fix *)
patches/packages/glibc-solibs-2.2.5-i386-3.tgz: Patched to fix a buffer
overflow in glibc's DNS resolver functions that look up network addresses.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

SuSE Inc. __ Affected

Notified: July 08, 2002 Updated: August 01, 2002

Status

Affected

Vendor Statement

-----BEGIN PGP SIGNED MESSAGE-----

______________________________________________________________________________
SuSE Security Announcement
Package: bind, glibc Announcement-ID: SuSE-SA:2002:026 Date: Tue Jul 09 2002 Affected products: 7.0, 7.1, 7.2, 7.3, 8.0 SuSE Linux Enterprise Server for S/390, SuSE Linux Database Server, SuSE eMail Server III, SuSE Linux Enterprise Server, SuSE Linux Firewall on CD Vulnerability Type: buffer overflow Severity (1-10): 3 SuSE default package: yes Cross References:CERT CA-2002-19; CVE CAN-2002-0651
Content of this advisory: 1) security vulnerability resolved: buffer overflow in dig, host, and nslookup utilities. problem description, discussion, solution and upgrade information 2) pending vulnerabilities, solutions, workarounds 3) standard appendix (further information)
______________________________________________________________________________
1) problem description, brief discussion, solution, upgrade information
A vulnerability has been discovered in some resolver library functions. The affected code goes back to the resolver library shipped as part of BIND4; code derived from it has been included in later BIND releases as well as the GNU libc.
The bug itself is a buffer overflow that can be triggered if a DNS server sends multiple CNAME records in a DNS response.
This bug has been fixed for the gethostbyXXX class of functions in GNU libc in 1999. Unfortunately, there is similar code in the getnetbyXXX functions in recent glibc implementations, and the code is enabled by default. However, these functions are used by very few applications only, such as ifconfig and ifuser, which makes exploits less likely.
We will make updated glibc packages available as they have gone through our build system, but without separate announcements.
Until glibc patches are available, we recommend that you disable DNS lookups of network names in nsswitch.conf. Simply replace the line containing the tag "networks:" with this line:
networks: files
In the unlikely event that you've configured any name to network mapping via DNS, make sure you copy this information to /etc/networks.
The resolver bug is also present in the libbind library included in BIND. This library is used by utilities from the bindutil package.
We are therefore providing security updates for bind8 that address this vulnerability. As communicated previously (1), the SuSE security team is not providing fixes for BIND4 anymore.
The bind9 packages shipped by SuSE are not vulnerable.
Please download the update package for your distribution and verify its integrity by the methods listed in section 3) of this announcement.
Apply the updata packages (bindutil, bind8) package using
rpm -Fvh bind*.rpm
If you are running the BIND name server, you should restart the name server process by issuing
rcnamed restart
Our maintenance customers are being notified individually. The packages are being offered to install from the maintenance web.
References: (1) ``&lt;http://www.suse.de/de/support/security/adv004_ssh.html&gt;``

______________________________________________________________________________
2) Pending vulnerabilities in SuSE Distributions and Workarounds:
- There is a format string bug in the "nn" news reader that can be exploited by a malicious NNTP server to execute arbitrary commands within the client user's account. We will be releasing updated packages.
______________________________________________________________________________
3) standard appendix: authenticity verification, additional information
- Package authenticity verification:
SuSE update packages are available on many mirror ftp servers all over the world. While this service is being considered valuable and important to the free and open source software community, many users wish to be sure about the origin of the package and its content before installing the package. There are two verification methods that can be used independently from each other to prove the authenticity of a downloaded file or rpm package: 1) md5sums as provided in the (cryptographically signed) announcement. 2) using the internal gpg signatures of the rpm package.
1) execute the command md5sum &lt;name-of-the-file.rpm&gt; after you downloaded the file from a SuSE ftp server or its mirrors. Then, compare the resulting md5sum with the one that is listed in the announcement. Since the announcement containing the checksums is cryptographically signed (usually using the key security@suse.de), the checksums show proof of the authenticity of the package. We disrecommend to subscribe to security lists which cause the email message containing the announcement to be modified so that the signature does not match after transport through the mailing list software. Downsides: You must be able to verify the authenticity of the announcement in the first place. If RPM packages are being rebuilt and a new version of a package is published on the ftp server, all md5 sums for the files are useless.
2) rpm package signatures provide an easy way to verify the authenticity of an rpm package. Use the command rpm -v --checksig &lt;file.rpm&gt; to verify the signature of the package, where &lt;file.rpm&gt; is the filename of the rpm package that you have downloaded. Of course, package authenticity verification can only target an uninstalled rpm package file. Prerequisites: a) gpg is installed b) The package is signed using a certain key. The public part of this key must be installed by the gpg program in the directory ~/.gnupg/ under the user's home directory who performs the signature verification (usually root). You can import the key that is used by SuSE in rpm packages for SuSE Linux by saving this announcement to a file ("announcement.txt") and running the command (do "su -" to be root): gpg --batch; gpg &lt; announcement.txt | gpg --import SuSE Linux distributions version 7.1 and thereafter install the key "build@suse.de" upon installation or upgrade, provided that the package gpg is installed. The file containing the public key is placed at the toplevel directory of the first CD (pubring.gpg) and at ``&lt;ftp://ftp.suse.com/pub/suse/pubring.gpg-build.suse.de&gt;`` .

- SuSE runs two security mailing lists to which any interested party may subscribe:
suse-security@suse.com - general/linux/SuSE security discussion. All SuSE security announcements are sent to this list. To subscribe, send an email to &lt;suse-security-subscribe@suse.com&gt;.
suse-security-announce@suse.com - SuSE's announce-only mailing list. Only SuSE's security annoucements are sent to this list. To subscribe, send an email to &lt;suse-security-announce-subscribe@suse.com&gt;.
For general information or the frequently asked questions (faq) send mail to: &lt;suse-security-info@suse.com&gt; or &lt;suse-security-faq@suse.com&gt; respectively.
` =====================================================================
SuSE's security contact is <security@suse.com> or <security@suse.de>.
The <security@suse.de> public key is listed below.
=====================================================================


The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular,
it is desired that the cleartext signature shows proof of the
authenticity of the text.
SuSE Linux AG makes no warranties of any kind whatsoever with respect
to the information contained in this security advisory.
Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security@suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build@suse.de>
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see &lt;http://www.gnupg.org&gt;
mQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCkYS3yEKeueNWc+z/0Kvff
4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP+Y0PFPboMvKx0FXl/A0d
M+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR8xocQSVCFxcwvwCglVcO
QliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U8c/yE/vdvpN6lF0tmFrK
XBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0ScZqITuZC4CWxJa9GynBE
D3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEhELBeGaPdNCcmfZ66rKUd
G5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtBUVKn4zLUOf6aeBAoV6NM
CC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOoAqajLfvkURHAeSsxXIoE
myW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1nKFvF+rQoU3VTRSBQYWNr
YWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohcBBMRAgAcBQI57vSBBQkD
wmcABAsKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyl8sAJ98BgD40zw0GHJHIf6d
NfnwI2PAsgCgjH1+PnYEl7TFjtZsqhezX7vZvYCIRgQQEQIABgUCOnBeUgAKCRCe
QOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lxyoAejACeOO1HIbActAevk5MUBhNe
LZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWnB/9An5vfiUUE1VQnt+T/EYklES3t
XXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDVwM2OgSEISZxbzdXGnqIlcT08TzBU
D9i579uifklLsnr35SJDZ6ram51/CWOnnaVhUzneOA9gTPSr+/fT3WeVnwJiQCQ3
0kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF5Yryk23pQUPAgJENDEqeU6iIO9Ot
1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3D3EN8C1yPqZd5CvvznYvB6bWBIpW
cRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGuzgpJt9IXSzyohEJB6XG5+D0BiF0E
ExECAB0FAjxqqTQFCQoAgrMFCwcKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyp1f
AJ9dR7saz2KPNwD3U+fy/0BDKXrYGACfbJ8fQcJqCBQxeHvt9yMPDVq0B0W5Ag0E
Oe70khAIAISR0E3ozF/la+oNaRwxHLrCet30NgnxRROYhPaJB/Tu1FQokn2/Qld/
HZnh3TwhBIw1FqrhWBJ7491iAjLR9uPbdWJrn+A7t8kSkPaF3Z/6kyc5a8fas44h
t5h+6HMBzoFCMAq2aBHQRFRNp9Mz1ZvoXXcI1lk1l8OqcUM/ovXbDfPcXsUVeTPT
tGzcAi2jVl9hl3iwJKkyv/RLmcusdsi8YunbvWGFAF5GaagYQo7YlF6UaBQnYJTM
523AMgpPQtsKm9o/w9WdgXkgWhgkhZEeqUS3m5xNey1nLu9iMvq9M/iXnGz4sg6Q
2Y+GqZ+yAvNWjRRou3zSE7Bzg28MI4sAAwYH/2D71Xc5HPDgu87WnBFgmp8MpSr8
QnSs0wwPg3xEullGEocolSb2c0ctuSyeVnCttJMzkukL9TqyF4s/6XRstWirSWaw
JxRLKH6Zjo/FaKsshYKf8gBkAaddvpl3pO0gmUYbqmpQ3xDEYlhCeieXS5MkockQ
1sj2xYdB1xO0ExzfiCiscUKjUFy+mdzUsUutafuZ+gbHog1CN/ccZCkxcBa5IFCH
ORrNjq9pYWlrxsEn6ApsG7JJbM2besW1PkdEoxak74z1senh36m5jQvVjA3U4xq1
wwylxadmmJaJHzeiLfb7G1ZRjZTsB7fyYxqDzMVul6o9BSwO/1XsIAnV1uuITAQY
EQIADAUCOe70kgUJA8JnAAAKCRCoTtronIAKyksiAJsFB3/77SkH3JlYOGrEe1Ol
0JdGwACeKTttgeVPFB+iGJdiwQlxasOfuXyITAQYEQIADAUCPGqpWQUJCgCCxwAK
CRCoTtronIAKyofBAKCSZM2UFyta/fe9WgITK9I5hbxxtQCfX+0ar2CZmSknn3co
SPihn1+OBNyZAQ0DNuEtBAAAAQgAoCRcd7SVZEFcumffyEwfLTcXQjhKzOahzxpo
omuF+HIyU4AGq+SU8sTZ/1SsjhdzzrSAfv1lETACA+3SmLr5KV40Us1w0UC64cwt
A46xowVq1vMlH2Lib+V/qr3b1hE67nMHjysECVx9Ob4gFuKNoR2eqnAaJvjnAT8J
/LoUC20EdCHUqn6v+M9t/WZgC+WNR8cq69uDy3YQhDP/nIan6fm2uf2kSV9A7ZxE
GrwsWl/WX5Q/sQqMWaU6r4az98X3z90/cN+eJJ3vwtA+rm+nxEvyev+jaLuOQBDf
ebh/XA4FZ35xmi+spdiVeJH4F/ubaGlmj7+wDOF3suYAPSXT2QAFEbQlU3VTRSBT
ZWN1cml0eSBUZWFtIDxzZWN1cml0eUBzdXNlLmRlPokBFQMFEDbhLUfkWLKHsco8
RQEBVw4H/1vIdiOLX/7hdzYaG9crQVIk3QwaB5eBbjvLEMvuCZHiY2COUg5QdmPQ
8SlWNZ6k4nu1BLcv2g/pymPUWP9fG4tuSnlUJDrWGm3nhyhAC9iudP2u1YQY37Gb
B6NPVaZiYMnEb4QYFcqv5c/r2ghSXUTYk7etd6SW6WCOpEqizhx1cqDKNZnsI/1X
11pFcO2N7rc6byDBJ1T+cK+F1Ehan9XBt/shryJmv04nli5CXQMEbiqYYMOu8iaA
8AWRgXPCWqhyGhcVD3LRhUJXjUOdH4ZiHCXaoF3zVPxpeGKEQY8iBrDeDyB3wHmj
qY9WCX6cmogGQRgYG6yJqDalLqrDOdmJARUDBRA24S0Ed7LmAD0l09kBAW04B/4p
WH3f1vQn3i6/+SmDjGzUu2GWGq6Fsdwo2hVM2ym6CILeow/K9JfhdwGvY8LRxWRL
hn09j2IJ9P7H1Yz3qDf10AX6V7YILHtchKT1dcngCkTLmDgC4rs1iAAl3f089sRG
BafGPGKv2DQjHfR1LfRtbf0P7c09Tkej1MP8HtQMW9hPkBYeXcwbCjdrVGFOzqx+
AvvJDdT6a+oyRMTFlvmZ83UV5pgoyimgjhWnM1V4bFBYjPrtWMkdXJSUXbR6Q7Pi
RZWCzGRzwbaxqpl3rK/YTCphOLwEMB27B4/fcqtBzgoMOiaZA0M5fFoo54KgRIh0
zinsSx2OrWgvSiLEXXYKiEYEEBECAAYFAjseYcMACgkQnkDjEAAKq6ROVACgjhDM
/3KM+iFjs5QXsnd4oFPOnbkAnjYGa1J3em+bmV2aiCdYXdOuGn4ZiQCVAwUQN7c7
whaQN/7O/JIVAQEB+QP/cYblSAmPXxSFiaHWB+MiUNw8B6ozBLK0QcMQ2YcL6+Vl
D+nSZP20+Ja2nfiKjnibCv5ss83yXoHkYk2Rsa8foz6Y7tHwuPiccvqnIC/c9Cvz
dbIsdxpfsi0qWPfvX/jLMpXqqnPjdIZErgxpwujas1n9016PuXA8K3MJwVjCqSKI
RgQQEQIABgUCOhpCpAAKCRDHUqoysN/3gCt7AJ9adNQMbmA1iSYcbhtgvx9ByLPI
DgCfZ5Wj+f7cnYpFZI6GkAyyczG09sE=
=LRKC
- -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see &lt;http://www.gnupg.org&gt;
iQEVAwUBPSyDnney5gA9JdPZAQFmswf8DjL+C4M3TP+iySk7sPqR7znMEO1+Zu5v
SA64ygjQthQUfJAX3LSWndmb7WEZyRvxeH7eOwqftv3o6846c1NdEQfnrJrtv4Ah
c6mPXBnYbY0J3fR9yoz8DdvsOQ/OcOIfzUjNiC5arxEyoD+LbS6bjtNorUio5s/P
q6otWJt+vkVhYHEyZJeA+4T1mrXs1dpGXUh1+k4kytfQ5d3w1Sv2QE5wahB0d0xD
zUXGtGEWTSaO5r3OF3W6zY7pC2hpVTXPrNsgX+WsUFZhl6hgdEhkMAQl7H7doNVy
Ofxp9XrHrDhwEvGKBALMJ8LmjdR0ES+NOs0qGTJTpjQCTuuG8TiOkw==
=e3AP
-----END PGP SIGNATURE-----`

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Trustix __ Affected

Updated: August 14, 2002

Status

Affected

Vendor Statement

Please see Trustix Secure Linux Security Advisory #2002-0061 (BIND) and #2002-0067 (glibc).

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

IBM Unknown

Notified: July 08, 2002 Updated: August 01, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Sequent Unknown

Notified: July 08, 2002 Updated: August 01, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

View all 14 vendors View less vendors

CVSS Metrics

Group | Score | Vector
---|---|---
Base | |
Temporal | |
Environmental | |

References

  • <http://www.pine.nl/advisories/pine-cert-20020601.asc>
  • <ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:28.resolv.asc>
  • <ftp://ftp.NetBSD.ORG/pub/NetBSD/security/advisories/NetBSD-SA2002-006.txt.asc>
  • <http://www.securityfocus.com/bid/5100>
  • <http://www.ietf.org/rfc/rfc1034.txt>
  • <http://www.ietf.org/rfc/rfc1035.txt>
  • <http://www.ietf.org/rfc/rfc2136.txt>
  • <http://www.gnu.org/manual/glibc-2.2.5/html_node/Name-Service-Switch.html>

Acknowledgements

The CERT/CC thanks PINE-CERT for reporting this vulnerability and the GNU glibc developers for information used in this document.

This document was written by Art Manion.

Other Information

CVE IDs: | CVE-2002-0684
---|---
CERT Advisory: | CA-2002-19
Severity Metric: | 29.72
Date Public: | 2002-06-26
Date First Published: | 2002-08-01
Date Last Updated: | 2002-08-28 01:57 UTC
Document Revision: | 38