Apple Computer Inc. Information for VU#844360

Domain Name System (DNS) stub resolver libraries vulnerable to buffer overflows via network name or address lookups

Status

Affected

Vendor Statement

Affected Systems: Mac OS X and Mac OS X Server

Mitigating Factors: BIND is not enabled by default on Mac OS X or Mac OS X Server.

Apple is working on a software update to address this issue.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

See Security Update 2002-11-21:

<http://www.apple.com/support/security/security_updates.html>

If you have feedback, comments, or additional information about this vulnerability, please send us email.