Vulnerability Note VU#844360
Domain Name System (DNS) stub resolver libraries vulnerable to buffer overflows via network name or address lookups
The DNS stub resolver library in ISC BIND 4.9.2 through 4.9.10 contains buffer overflows in code that handles responses for network name and address requests. Other resolver libraries derived from BIND 4 such as BSD libc, GNU glibc, and those used by System V UNIX systems may also be affected. An attacker could execute arbitrary code with the privileges of the application that made the request or cause a denial of service.
A DNS stub resolver library provides an interface for network applications to make requests and receive responses from the domain name system. The BIND 4 resolver library (libresolv.a) contains several buffer overflows in the functions that handle responses for network name and address requests (getnetbyname(), getnetbyaddr()). While reading the answer portion of a DNS response, the functions copy data received from the network into inadequately sized buffers. A specially crafted DNS response could overflow the buffers, possibly injecting arbitrary code onto the stack.
ISC BIND 4.9.2 through 4.9.10 are vulnerable. DNS stub resolver libraries that are derived from BIND 4 may vulnerable, including BSD libc, GNU glibc, and resolvers used by System V UNIX systems. In addition, some network applications provide their own resolver functions which may use vulnerable code from BIND 4.
An attacker could execute arbitrary code with the privileges of the application that made the request or cause a denial of service. The attacker would need to control DNS responses, possibly by spoofing responses or gaining control of a DNS server.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Apple Computer Inc.||Affected||12 Nov 2002||25 Feb 2003|
|GNU glibc||Affected||12 Nov 2002||16 Jan 2003|
|Hewlett-Packard Company||Affected||12 Nov 2002||15 Apr 2003|
|IBM||Affected||12 Nov 2002||27 Feb 2003|
|ISC||Affected||22 Oct 2002||13 Nov 2002|
|MetaSolv Software Inc.||Affected||12 Nov 2002||15 Nov 2002|
|NetBSD||Affected||12 Nov 2002||25 Feb 2003|
|Openwall GNU/*/Linux||Affected||12 Nov 2002||14 Nov 2002|
|SGI||Affected||12 Nov 2002||05 Dec 2002|
|Sun Microsystems Inc.||Affected||12 Nov 2002||15 Nov 2002|
|The SCO Group||Affected||12 Nov 2002||27 Feb 2003|
|Xerox Corporation||Affected||12 Nov 2002||24 Apr 2003|
|FreeBSD||Not Affected||12 Nov 2002||14 Nov 2002|
|NcFTP Software||Not Affected||-||05 Dec 2002|
|OpenBSD||Not Affected||12 Nov 2002||14 Nov 2002|
CVSS Metrics (Learn More)
This vulnerability was reported by CERT/CC staff.
This document was written by Art Manion.
- CVE IDs: CAN-2002-0029
- CERT Advisory: CA-2002-31
- Date Public: 12 Nov 2002
- Date First Published: 13 Nov 2002
- Date Last Updated: 24 Apr 2003
- Severity Metric: 8.91
- Document Revision: 22
If you have feedback, comments, or additional information about this vulnerability, please send us email.