ISC Information for VU#308891
OpenSSL contains multiple buffer overflows in buffers that are used to hold ASCII representations of integers
- Vendor Information Help Date Notified:
- Statement Date:
- Date Updated: 09 Aug 2002
ISC Vendor statememt.
BIND 4, BIND 8 and BIND 9.0.x are not vulnerable.
BIND 9.1.x ship with a copy of the vulnerable sections of OpenSSL crypto
library (obj_dat.c and asn1_lib.c).
Please upgrade to BIND 9.2.x and/or relink with a fixed version OpenSSL.
e.g. configure --with-openssl=/path/to/fixed/openssl
Vendors shipping product based on BIND 9.1 should contact email@example.com.
BIND 9.2.x is vulnerable if linked against a vulnerable library. By default
BIND 9.2 does not link against OpenSSL.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.