Home | FAQ | Contact | Privacy Policy
US-CERT
Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information
 

 View Notes By
Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric

 Other Documents
Technical Alerts

Technical Bulletins

Alerts

Security Tips

GNU glibc Information for VU#803539

Date Notified:2002-06-28
Date Updated:
Statement Date:
Status Summary:Vulnerable

Vendor Statement

For resolving host names and addresses via DNS, Version 2.1.2 and earlier versions of the GNU C Library are vulnerable. Later versions are not vulnerable.

For the less commonly used action of resolving network names and addresses via DNS as per Internet RFC 1011, Version 2.2.5 and earlier versions are vulnerable.

To work around the problems, modify the file /etc/nsswitch.conf so that it contains "hosts:" and "networks:" lines that do not mention "dns". For example, you might use the following lines in your /etc/nsswitch.conf file:

    # This "networks:" line omits "dns" to work around a bug in glibc
    # 2.2.5 and earlier.
    networks: files nisplus

    # This "hosts:" line omits "dns" to work around a bug in glibc 2.1.2
    # and earlier.
    hosts: nisplus [NOTFOUND=return] files
    [CERT/CC: This workaround will break network and host resolution that is not provided through some other means, such as database files (/etc/hosts, /etc/networks) or NIS. In most cases, resolution for non-local networks and hosts will be disabled.]
Most GNU/Linux distributions with glibc 2.1.3 and later ship with a line like "networks: files" in /etc/nsswitch.conf and thus unless this line is changed they are not vulnerable.

To fix the problem instead of working around it, we suggest upgrading to Version 2.1.3 or later, and applying the following patch, taking care to relink any statically linked applications that use the affected functions. This patch can also be found at:

<http://sources.redhat.com/cgi-bin/cvsweb.cgi/libc/resolv/nss_dns/dns-network.c.diff?r1=1.10&r2=1.10.2.1&cvsroot=glibc>
    ===================================================================
    RCS file: /cvs/glibc/libc/resolv/nss_dns/dns-network.c,v
    retrieving revision 1.10
    retrieving revision 1.10.2.1
    diff -u -r1.10 -r1.10.2.1
    --- libc/resolv/nss_dns/dns-network.c 2001/07/06 04:55:39 1.10
    +++ libc/resolv/nss_dns/dns-network.c 2002/07/02 09:38:29 1.10.2.1
    @@ -328,7 +328,9 @@
       }
     cp += n;
     *alias_pointer++ = bp;
    -  bp += strlen (bp) + 1;
    +  n = strlen (bp) + 1;
    +  bp += n;
    +  linebuflen -= n;
     result->n_addrtype = class == C_IN ? AF_INET : AF_UNSPEC;
     ++have_answer;
    }

    Vendor Information

    The vendor has not provided us with any further information regarding this vulnerability.

    Addendum

    One aspect of this vulnerability that involves host name and address lookups was addressed in glibc version 2.1.3 in October 1999:


[ftp://ftp.gnu.org/gnu/glibc/glibc-2.1.2-2.1.3.diff.gz]
    +1999-10-25  Ulrich Drepper  <drepper@cygnus.com>
    +
    +       * resolv/gethnamaddr.c: Account bytes needed for alignment in
    +       buflen.  Patch by Olaf Kirch <okir@lst.de>.

    <elided>

    @@ -424,6 +424,10 @@ getanswer(answer, anslen, qname, qtype)
                                    buflen -= nn;
                            }
     
    +                       /* XXX: when incrementing bp, we have to decrement
    +                        * buflen by the same amount --okir */
    +                       buflen -= sizeof(align) - ((u_long)bp % sizeof(align));
    +
                            bp += sizeof(align) - ((u_long)bp % sizeof(align));
     
                            if (bp + n >= &hostbuf[sizeof hostbuf]) {
A second problem, a buffer overflow handling DNS answers for network names and addresses (VU#542971), affects current versions of glibc (2.2.5 and previous).

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

Produced 2009 by US-CERT, a government organization
Disclaimers and copyright information