IBM Information for VU#738331

Domain Name System (DNS) resolver libraries vulnerable to read buffer overflow

Status

Affected

Vendor Statement

The AIX operating system is vulnerable to a buffer overflow in the res_nsend() resolver function, as mentioned above, in releases 4.3.3 and 5.1.0. This problem was discovered and fixed earlier while investigating a core dump from the "host" command.

The following APAR's are available for this fix:

AIX 4.3.3: IY31886

AIX 5.1.0: IY31889
The APAR's can be downloaded by going to the following URL, then following the links for your system release level.

http://techsupport.services.ibm.com/servers/fixes?view=pseries

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.