Openwall Information for VU#542971

Multiple vendors' Domain Name System (DNS) stub resolvers vulnerable to buffer overflow via network name and address lookups

Status

Affected

Vendor Statement

No release or branch of Openwall GNU/*/Linux (Owl) is affected in default configuration as the "dns" NSS module isn't enabled for network lookups in our default /etc/nsswitch.conf file.

The defect in "dns" module has been corrected in Owl-current on 2002/07/04 and that fix is included in the snapshot from 2002/07/07.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.