Vulnerability Note VU#803539
Multiple vendors' Domain Name System (DNS) stub resolvers vulnerable to buffer overflows
Buffer overflow vulnerabilities exists in the DNS stub resolver library used by BSD, ISC BIND, and GNU glibc. Other systems that use DNS resolver code derived from ISC BIND may also be affected. An attacker who is able to control DNS responses could exploit arbitrary code or cause a denial of service on vulnerable systems.
The Domain Name System (DNS) provides name, address, and other information about Internet Protocol (IP) networks and devices. By issuing queries to and interpreting responses from DNS servers, IP-enabled network operating systems can access DNS information. When an IP network application needs to access or process DNS information, it calls functions in the stub resolver library, which may be part of the underlying network operating system. On BSD-based systems, DNS stub resolver functions are implemented in the system library libc. In ISC BIND, they are implemented in libbind, and on GNU/Linux-based systems, they are implemented in glibc.
The DNS resolver libraries on BSD-based systems (libc), ISC BIND (libbind), GNU/Linux (glibc), and possibly other systems that use code derived from ISC BIND contain buffer overflow vulnerabilities in the way the resolvers handle DNS responses. Quoting from FreeBSD Security Advisory FreeBSD-SA-02:28.resolv:
Note that the DNS stub resolver implemented in glibc on GNU/Linux systems is vulnerable via DNS lookups for network names and addresses (VU#542971).
An attacker who is able to control DNS responses could exploit arbitrary code or cause a denial of service on vulnerable systems. The attacker would need to be able to spoof DNS responses or control a DNS server that provides responses to a vulnerable system. Any code executed by the attacker would run with the privileges of the process that called the vulnerable resolver function, potentially root.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Compaq Computer Corporation||Affected||27 Jun 2002||01 Apr 2003|
|Conectiva||Affected||-||14 Aug 2002|
|Cray Inc.||Affected||27 Jun 2002||28 Jun 2002|
|Debian||Affected||27 Jun 2002||14 Aug 2002|
|FreeBSD||Affected||27 Jun 2002||27 Jun 2002|
|GNU glibc||Affected||28 Jun 2002||18 Jul 2002|
|Guardian Digital Inc.||Affected||27 Jun 2002||25 Jul 2002|
|Hewlett-Packard Company||Affected||27 Jun 2002||15 Apr 2003|
|IBM||Affected||27 Jun 2002||15 Apr 2003|
|ISC||Affected||27 Jun 2002||07 Mar 2003|
|Juniper Networks||Affected||27 Jun 2002||29 Jun 2002|
|MandrakeSoft||Affected||27 Jun 2002||14 Aug 2002|
|MetaInfo||Affected||-||15 Apr 2003|
|MetaSolv Software Inc.||Affected||-||26 Jul 2002|
|NetBSD||Affected||27 Jun 2002||27 Jun 2002|
CVSS Metrics (Learn More)
The CERT/CC thanks PINE-CERT for reporting this vulnerability and The FreeBSD Project, the NetBSD Project, and David Conrad of Nominum for information used in this document.
This document was written by Art Manion.
- CVE IDs: CAN-2002-0651
- CERT Advisory: CA-2002-19
- Date Public: 26 Jun 2002
- Date First Published: 27 Jun 2002
- Date Last Updated: 16 Apr 2003
- Severity Metric: 29.72
- Document Revision: 58
If you have feedback, comments, or additional information about this vulnerability, please send us email.