Openwall GNU/*/Linux Information for VU#852283
Cached malformed SIG record buffer overflow
- Vendor Information Help Date Notified: 12 Nov 2002
- Statement Date:
- Date Updated: 03 Dec 2002
BIND 4.9.10-OW2 includes the patch provided by ISC and thus has the two vulnerabilities affecting BIND 4 fixed. Previous versions of BIND 4.9.x-OW patches, if used properly, significantly reduced the impact of the "named" vulnerability. The patches are available at their usual location:
It hasn't been fully researched whether the resolver code in glibc,and in particular on Openwall GNU/*/Linux, shares any of the newly discovered BIND 4 resolver library vulnerabilities. Analysis is in progress.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.