Potential buffer overflow in DNS resolvers
By Jeremy C. Reed
A remote buffer overflow in some BIND-based DNS resolvers has been found. This code is found in the BSD libc. It was reported by Joost Pol.
Arbitrary code could possibly be executed with the permissions of an application that uses the resolver (for example, through gethostbyname). The issue could possibly be exploited when an outgoing DNS query is made to a hostile server that returns a carefully crafted message.
It is reported that a workaround is to block all direct DNS queries and responses using a firewall and have the client systems use a good nameserver for recursive resolution, such as BIND 9.2.1 or DJB's dnscache.
A patch for FreeBSD 4.5 and 4.6 is available at ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:28/resolv.patch.
A patch for OpenBSD 3.1 is at ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.1/common/007_resolver.patch.
And for NetBSD, the netbsd-1-4, netbsd-1-5, and netbsd-1-6 branches have been updated. (For more information, see NetBSD Security Advisory 2002-006.)
Because the issue is in libc, statically-linked executables should be rebuilt.
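One way to list candidates for that rebuild, as an added example that is not part of the advisory or of any BSD project's code: it treats an ELF executable with no PT_INTERP program header as statically linked. It assumes ELF binaries only (a.out executables are not recognised), and the default search directories are placeholders.

```python
import os
import struct
import sys

ET_EXEC = 2    # e_type: fixed-address executable
PT_INTERP = 3  # p_type: segment naming the runtime linker (dynamic binaries only)

def is_static_elf(data):
    """True if data is an ELF executable with no PT_INTERP program header."""
    if len(data) < 64 or data[:4] != b"\x7fELF" or data[4] not in (1, 2):
        return False
    end = "<" if data[5] == 1 else ">"          # EI_DATA: byte order
    if struct.unpack_from(end + "H", data, 16)[0] != ET_EXEC:
        return False                            # skips .o, .so and core files
    if data[4] == 1:                            # ELFCLASS32 header layout
        (phoff,) = struct.unpack_from(end + "I", data, 28)
        phentsize, phnum = struct.unpack_from(end + "HH", data, 42)
    else:                                       # ELFCLASS64 header layout
        (phoff,) = struct.unpack_from(end + "Q", data, 32)
        phentsize, phnum = struct.unpack_from(end + "HH", data, 54)
    for i in range(phnum):
        off = phoff + i * phentsize
        if off + 4 > len(data):
            return False                        # truncated table: do not guess
        if struct.unpack_from(end + "I", data, off)[0] == PT_INTERP:
            return False                        # dynamically linked
    return phnum > 0

def find_static(roots):
    """Return sorted paths of static ELF executables under the given directories."""
    hits = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                path = os.path.join(dirpath, name)
                if os.path.islink(path) or not os.path.isfile(path):
                    continue
                try:
                    with open(path, "rb") as fh:
                        if is_static_elf(fh.read()):
                            hits.append(path)
                except OSError:
                    continue                    # unreadable file: skip it
    return sorted(hits)

if __name__ == "__main__":
    # Default directories are an assumption; pass the ones your system uses.
    for p in find_static(sys.argv[1:] or ["/bin", "/sbin", "/usr/local/bin"]):
        print(p)
```

A hit is only a candidate: whether the binary actually contains the resolver code depends on what it links from libc.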
More information can be found in Pine Internet Security Advisory PINE-CERT-20020601 and CERT/CC Vulnerability Note VU#803539.