GNU glibc Information for VU#738331

Domain Name System (DNS) resolver libraries vulnerable to read buffer overflow

Status

Affected

Vendor Statement

Version 2.2.5 of the GNU C Library is vulnerable. The following patch has been installed into the CVS sources, and should appear in the next version.

2002-09-04  Roland McGrath  <roland@redhat.com>

        * resolv/nss_dns/dns-network.c (MAXPACKET): Increase minimum value
        from 1024 to 65536, to avoid buffer overrun.

2002-08-24  Ulrich Drepper  <drepper@redhat.com>

        * resolv/nss_dns/dns-host.c (MAXPACKET): Likewise.

2002-08-16  Paul Eggert  <eggert@twinsun.com>

        * resolv/gethnamaddr.c (MAXPACKET): Likewise.
        * resolv/res_query.c (MAXPACKET): Likewise.

===================================================================
RCS file: /cvs/glibc/libc/resolv/nss_dns/dns-network.c,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -r1.12 -r1.13
--- libc/resolv/nss_dns/dns-network.c   2002/08/26 06:20:05     1.12
+++ libc/resolv/nss_dns/dns-network.c   2002/09/05 01:23:06     1.13
@@ -70,10 +70,10 @@
 #define MAX_NR_ALIASES 48


-#if PACKETSZ > 1024
-#define MAXPACKET       PACKETSZ
+#if PACKETSZ > 65536
+# define MAXPACKET     PACKETSZ
 #else
-#define MAXPACKET       1024
+# define MAXPACKET     65536
 #endif

===================================================================
RCS file: /cvs/glibc/libc/resolv/nss_dns/dns-host.c,v
retrieving revision 1.32
retrieving revision 1.33
diff -u -r1.32 -r1.33
--- libc/resolv/nss_dns/dns-host.c      2002/08/03 03:42:06     1.32
+++ libc/resolv/nss_dns/dns-host.c      2002/08/24 22:29:11     1.33
@@ -92,10 +92,10 @@
 #define MAX_NR_ALIASES 48
 #define MAX_NR_ADDRS   48

-#if PACKETSZ > 1024
+#if PACKETSZ > 65536
 # define MAXPACKET     PACKETSZ
 #else
-# define MAXPACKET     1024
+# define MAXPACKET     65536
 #endif
 /* As per RFC 1034 and 1035 a host name cannot exceed 255 octets in length.  */
 #ifdef MAXHOSTNAMELEN
===================================================================
RCS file: /cvs/glibc/libc/resolv/gethnamaddr.c,v
retrieving revision 1.39
retrieving revision 1.40
diff -u -r1.39 -r1.40
--- libc/resolv/gethnamaddr.c   2002/08/03 03:40:54     1.39
+++ libc/resolv/gethnamaddr.c   2002/08/24 22:29:11     1.40
@@ -115,10 +115,10 @@
 extern void addrsort __P((char **, int));
 #endif

-#if PACKETSZ > 1024
+#if PACKETSZ > 65536
 #define        MAXPACKET       PACKETSZ
 #else
-#define        MAXPACKET       1024
+#define        MAXPACKET       65536
 #endif

 /* As per RFC 1034 and 1035 a host name cannot exceed 255 octets in length.  */
===================================================================
RCS file: /cvs/glibc/libc/resolv/res_query.c,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -r1.16 -r1.17
--- libc/resolv/res_query.c     2001/01/08 17:55:24     1.16
+++ libc/resolv/res_query.c     2002/08/24 22:29:11     1.17
@@ -85,10 +85,10 @@
 /* Options.  Leave them on. */
 /* #undef DEBUG */

-#if PACKETSZ > 1024
+#if PACKETSZ > 65536
 #define MAXPACKET      PACKETSZ
 #else
-#define MAXPACKET      1024
+#define MAXPACKET      65536
 #endif

 /*

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.