search menu icon-carat-right cmu-wordmark

CERT Coordination Center

Multiple vendors' Domain Name System (DNS) stub resolvers vulnerable to buffer overflows

Vulnerability Note VU#803539

Original Release Date: 2002-06-27 | Last Revised: 2003-04-16

Overview

Buffer overflow vulnerabilities exists in the DNS stub resolver library used by BSD, ISC BIND, and GNU glibc. Other systems that use DNS resolver code derived from ISC BIND may also be affected. An attacker who is able to control DNS responses could exploit arbitrary code or cause a denial of service on vulnerable systems.

Description

The Domain Name System (DNS) provides name, address, and other information about Internet Protocol (IP) networks and devices. By issuing queries to and interpreting responses from DNS servers, IP-enabled network operating systems can access DNS information. When an IP network application needs to access or process DNS information, it calls functions in the stub resolver library, which may be part of the underlying network operating system. On BSD-based systems, DNS stub resolver functions are implemented in the system library libc. In ISC BIND, they are implemented in libbind, and on GNU/Linux-based systems, they are implemented in glibc.

The DNS resolver libraries on BSD-based systems (libc), ISC BIND (libbind), GNU/Linux (glibc), and possibly other systems that use code derived from ISC BIND contain buffer overflow vulnerabilities in the way the resolvers handle DNS responses. Quoting from FreeBSD Security Advisory FreeBSD-SA-02:28.resolv:

DNS messages have specific byte alignment requirements, resulting in padding in messages. In a few instances in the resolver code, this padding is not taken into account when computing available buffer space. As a result, the parsing of a DNS message may result in a buffer overrun of up to a few bytes for each record included in the message.
NetBSD Security Advisory 2002-006 provides further detail:

In lib/libc/net/gethnamaddr.c:getanswer() and lib/libc/net/getnetnamadr.c:getnetanswer(), two variables manage packet buffer parsing - a pointer to the byte we are looking at, and the remaining length on the buffer. The remaining length was not updated consistently, and malicious DNS responses are able to write outside the buffer.
This problem is not limited to DNS servers or to BIND. Any application that uses a vulnerable resolver library is likely to be affected. Applications that are statically linked must be recompiled using patched resolver libraries.

Note that the DNS stub resolver implemented in glibc on GNU/Linux systems is vulnerable via DNS lookups for network names and addresses (VU#542971).

Impact

An attacker who is able to control DNS responses could exploit arbitrary code or cause a denial of service on vulnerable systems. The attacker would need to be able to spoof DNS responses or control a DNS server that provides responses to a vulnerable system. Any code executed by the attacker would run with the privileges of the process that called the vulnerable resolver function, potentially root.

Solution


Apply a Patch

Apply a patch from your vendor. In the case of statically linked binaries, it is necessary to recompile using the patched version of the DNS stub resolver libraries.

Upgrade

Upgrade your system as specified by your vendor.


Use of a local caching DNS server is not an effective workaround

When this document was initially published, it was thought that a caching DNS server that reconstructs DNS responses would prevent malicious code from reaching systems with vulnerable resolver libraries. This workaround does not prevent some DNS responses that contain malicious code from reaching clients, whether or not the responses are reconstructed by a local caching DNS server. Since the server may cache the responses, the malicious code could persist until the server's cache is purged or the entries expire.

Disable Reverse DNS Lookups

Disable the reverse DNS lookup functions in applications that perform DNS name lookups from IP addresses. For example, some HTTP and FTP servers perform reverse DNS lookups to convert IP addresses to hostnames in logs. Disabling reverse DNS lookups will only protect against specific exploit attempts that rely on the reverse lookup as an attack vector.

Vendor Information

803539
 
Affected   Unknown   Unaffected

Compaq Computer Corporation

Notified:  June 27, 2002 Updated:  April 01, 2003

Status

  Vulnerable

Vendor Statement

SOURCE: Compaq Computer Corporation, a wholly-owned subsidiary Hewlett-Packard Company and Hewlett-Packard Company HP Services Software Security Response Team
x-ref:SSRT2270

At the time of writing this document, Compaq is currently investigating the potential impact to Compaq's released Operating System software products.

As further information becomes available Compaq will provide notice of the completion/availibility of any necessary patches through standard product and security bulletin announcements and be available from your normal HP Services support channel.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Compaq (Hewlett-Packard) has released a security bulletin (SRB0039W/SSRT2275) that addresses VU#803539 and other vulnerabilities.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Conectiva

Updated:  August 14, 2002

Status

  Vulnerable

Vendor Statement

Conectiva Linux supported versions (6.0, 7.0 and 8) are not vulnerable to VU#803539 regarding glibc packages. Regarding VU#542971, these same versions of Conectiva Linux are vulnerable but not in the default installation, since /etc/nsswitch.conf ships without the dns parameter in the "networks:" line.

Updated glibc packages which fix the second vulnerability, VU#542971, will be provided.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please see Conectiva Linux Announcement CLSA-2002:507 (english).

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Cray Inc.

Notified:  June 27, 2002 Updated:  June 28, 2002

Status

  Vulnerable

Vendor Statement

The DNS resolver code supplied by Cray, Inc. in Unicos and Unicos/mk is vulnerable. SPR 722619 has been opened to track this problem.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Debian

Notified:  June 27, 2002 Updated:  August 14, 2002

Status

  Vulnerable

Vendor Statement

Debian is vulnerable to the second vulnerability [VU#542971]:

  Debian 2.2 aka potato aka stable: glibc 2.1.3 does not contain the included patch  Debian         woody aka testing: glibc 2.2.5 does not contain the included patch  Debian         sid  aka unstable: glibc 2.2.5 does not contain the included patch

We are working towards an updated library.

We are not vulnerable to the first vulnerability [VU#803539] as published in the CERT Advisory CA-2002-19, though.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

FreeBSD

Notified:  June 27, 2002 Updated:  June 27, 2002

Status

  Vulnerable

Vendor Statement

FreeBSSD had released FreeBSD Security Advisory FreeBSD-SA-02:28.resolv.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

GNU glibc

Notified:  June 28, 2002 Updated:  July 18, 2002

Status

  Vulnerable

Vendor Statement

For resolving host names and addresses via DNS, Version 2.1.2 and earlier versions of the GNU C Library are vulnerable. Later versions are not vulnerable.

For the less commonly used action of resolving network names and addresses via DNS as per Internet RFC 1011, Version 2.2.5 and earlier versions are vulnerable.

To work around the problems, modify the file /etc/nsswitch.conf so that it contains "hosts:" and "networks:" lines that do not mention "dns". For example, you might use the following lines in your /etc/nsswitch.conf file:

    # This "networks:" line omits "dns" to work around a bug in glibc
    # 2.2.5 and earlier.
    networks: files nisplus


    # This "hosts:" line omits "dns" to work around a bug in glibc 2.1.2
    # and earlier.
    hosts: nisplus [NOTFOUND=return] files

    [CERT/CC: This workaround will break network and host resolution that is not provided through some other means, such as database files (/etc/hosts, /etc/networks) or NIS. In most cases, resolution for non-local networks and hosts will be disabled.]
Most GNU/Linux distributions with glibc 2.1.3 and later ship with a line like "networks: files" in /etc/nsswitch.conf and thus unless this line is changed they are not vulnerable.

To fix the problem instead of working around it, we suggest upgrading to Version 2.1.3 or later, and applying the following patch, taking care to relink any statically linked applications that use the affected functions. This patch can also be found at:

<>
    ===================================================================
    RCS file: /cvs/glibc/libc/resolv/nss_dns/dns-network.c,v
    retrieving revision 1.10
    retrieving revision 1.10.2.1
    diff -u -r1.10 -r1.10.2.1
    --- libc/resolv/nss_dns/dns-network.c2001/07/06 04:55:391.10
    +++ libc/resolv/nss_dns/dns-network.c2002/07/02 09:38:291.10.2.1
    @@ -328,7 +328,9 @@
       }
     cp += n;
     *alias_pointer++ = bp;
    -  bp += strlen (bp) + 1;
    +  n = strlen (bp) + 1;
    +  bp += n;
    +  linebuflen -= n;
     result->n_addrtype = class == C_IN ? AF_INET : AF_UNSPEC;
     ++have_answer;
    }

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

One aspect of this vulnerability that involves host name and address lookups was addressed in glibc version 2.1.3 in October 1999:

Guardian Digital Inc.

Notified:  June 27, 2002 Updated:  July 25, 2002

Status

  Vulnerable

Vendor Statement

Please see EnGarde Secure Linux Security Advisory ESA-20020724-018.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Hewlett-Packard Company

Notified:  June 27, 2002 Updated:  April 15, 2003

Status

  Vulnerable

Vendor Statement

HEWLETT-PACKARD COMPANY SECURITY BULLETIN: HPSBUX0208-209

Originally issued: 12 Aug 2002

reference id: VU#803539, SSRT2316

HP Published Security Bulletin HPSBUX0208-209 with solutions for HP9000 Series 700/800 running HP-UX releases 11.00 and 11.11 (11i) with products using DNS resolver libraries, including, but not limited to, BINDv920.INETSVCS-BIND.

This bulletin is available from the HP IT Resource Center page at: http://itrc.hp.com "Maintenance and Support" then "Support Information Digests" and then "hp security bulletins archive" search for bulletin HPSBUX0208-209.

reference id: VU#542971
describes a specific aspect of this vulnerability
as it affects the GNU libc library (glibc):

The glibc resolver used by HP Secure OS Software for Linux is vulnerable. Please see Hewlett-Packard Company Security Bulletin HPSBTL0207-053 for more information.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

HP JetDirect print servers and LaserJet network printers are also affected. Please see HPSBUX0209-218/SSRT2345.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

IBM

Notified:  June 27, 2002 Updated:  April 15, 2003

Status

  Vulnerable

Vendor Statement

IBM is vulnerable to the above DNS stub resolver issues in both the 4.3 and 5.1 releases of AIX. A temporary patch is available through an efix pacakge. Efixes are available from ftp.software.ibm.com/aix/efixes/security. See the README file in this directory for additional information on the efixes.

The following APARs will be available in the near future:

AIX 4.3.3: IY32719

AIX 5.1.0: IY32746

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

ISC

Notified:  June 27, 2002 Updated:  March 07, 2003

Status

  Vulnerable

Vendor Statement

All versions of BIND 4 from 4.8.1 prior to BIND 4.9.9 are vulnerable.

All versions of BIND 8 prior to BIND 8.2.6 are vulnerable.
All versions of BIND 8.3.x prior to BIND 8.3.3 are vulnerable.
BIND versions BIND 9.2.0 and BIND 9.2.1 are vulnerable.

The status of BIND 4.8 is unknown, assume that it is vulnerable.

BIND versions BIND 9.0.x and BIND 9.1.x are not vulnerable.

'named' itself is not vulnerable.

Updated releases can be found at:

ftp://ftp.isc.org/isc/bind/src/4.9.9/
ftp://ftp.isc.org/isc/bind/src/8.2.6/
ftp://ftp.isc.org/isc/bind/src/8.3.3/
ftp://ftp.isc.org/isc/bind/contrib/ntbind-8.3.3/

BIND 9 contains a copy of the BIND 8.3.x resolver library (lib/bind). This will be updated with the next BIND 9 releases (9.2.2/9.3.0) in the meantime please use the original in BIND 8.3.3.

Vendors wishing additional patches should contact bind-bugs@isc.org.
Query about BIND 4 and BIND 8 should be addressed to bind-bugs@isc.org.
Query about BIND 9 should be addressed to bind9-bugs@isc.org.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The resolver library included in BIND 9.2.0 and 9.2.1 is a copy of the vulnerable resolver library included with BIND 8.3.x. In BIND 9, the vulnerable 8.3.x resolver library (libbind) is not built or installed by default unless BIND 9 is configured with the "--enable-libbind" option. BIND 9.2.2 is not vulnerable since it includes the updated resolver library (libbind) from BIND 8.3.3.

ISC has documented this issue on the BIND Vulnerabilities page of the ISC web site under the heading "libbind buffer overflow" and in a status update to the bind-announce mailing list.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Juniper Networks

Notified:  June 27, 2002 Updated:  June 29, 2002

Status

  Vulnerable

Vendor Statement

All versions of Juniper Networks JUNOS software released prior to June 27, 2002, are potentially vulnerable to this bug. This includes JUNOS versions 4.x, 5.0R1 through 5.0R4, 5.1R1 through 5.1R4, 5.2R1 through 5.2R3, and 5.3R1 through 5.3R2. (All releases of JUNOS software with version 5.4 or higher are NOT vulnerable.) The bug has been corrected as of June 27, 2002, and all future software releases will contain the correction. All Juniper Networks customers are encouraged to contact JTAC, the Juniper Networks Technical Assistance Center by telephone at 1-888-314-JTAC, or by E-mail at mailto:support@juniper.net for details on the availability of corrected software.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

MandrakeSoft

Notified:  June 27, 2002 Updated:  August 14, 2002

Status

  Vulnerable

Vendor Statement

Please see MandrakeSoft Security Advisory MDKSA-2002:043 (BIND) and MDKSA-2002:050 (glibc).

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

MetaInfo

Updated:  April 15, 2003

Status

  Vulnerable

Vendor Statement

In response to DNS CERT advisory CA-2002-19, MetaInfo (a Check Point company) has developed Meta IP NG Feature Pack 1 Hot Fix 4. Hot Fix 4 uses BIND 8.2.6 which implements the fix for this security threat.
To ensure the highest level of security, MetaInfo recommends that ALL PREVIOUS RELEASES of Meta IP (Meta IP 4.x and all previous releases of Meta IP NG) be upgraded to the most current release.

Note: This Hot Fix is only compatible with the most current release, Meta IP NG Feature Pack 1. Since Meta IP 4.x has been transitioned to end of life, customers using any 4.x version of Meta IP will need to upgrade to Meta IP NG FP1 before downloading the Hot Fix.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

MetaSolv Software Inc.

Updated:  July 26, 2002

Status

  Vulnerable

Vendor Statement

The resolver code embedded in the DNS Server (Based on ISC BIND 8.2.3) on both MetaSolv Policy Services 4.1 and 4.2 are vulnerable to CERT/CC Advisory CA-2002-19. This issue is being tracked by MetaSolv under Case #28230. The ISC Sanctioned Patches to 8.2.3 for this advisory have been compiled and applied, and will be available in Policy Services 4.2 Service Pack 1. Please contact MetaSolv Global Customer Care (supporthd@metasolv.com) for availability and assistance.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

NetBSD

Notified:  June 27, 2002 Updated:  June 27, 2002

Status

  Vulnerable

Vendor Statement

NetBSD had released NetBSD Security Advisory 2002-006.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Network Appliance

Notified:  June 27, 2002 Updated:  June 28, 2002

Status

  Vulnerable

Vendor Statement

Some NetApp systems are vulnerable to this problem. Check NOW (http://now.netapp.com) for information on whether your system is vulnerable and the appropriate patch release that you should install.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Nortel Networks

Notified:  June 27, 2002 Updated:  July 25, 2002

Status

  Vulnerable

Vendor Statement

The following Nortel Networks products are potentially affected by the vulnerability identified in CERT/CC Advisory CA-2002-19:

    • NetID. A bulletin entitled "NetID BIND Bulletin", dated 7-12-02 has been issued and is available from the following Nortel Networks support contacts:
    North America: 1-8004NORTEL or 1-800-466-7835

    Europe, Middle East and Africa: 00800 8008 9009, or +44 (0) 870 907 9009

    Contacts for other regions are available at www.nortelnetworks.com/help/contact/global/
    • Optivity NMS, which uses Sun Solaris operating systems supplied by third parties. Nortel Networks recommends following the mitigating practices in Sun Microsystems Inc.'s Alert Notification. Implementing such practices will not adversely impact this Nortel Networks product.
    • Also, the former Nortel Networks product Preside Policy Server divested to MetaSolv Software, Inc. in February 2002 uses BIND 8 and may be potentially affected.

    Vendor Information

    The vendor has not provided us with any further information regarding this vulnerability.

    Addendum

    The CERT/CC has no additional comments at this time.

    If you have feedback, comments, or additional information about this vulnerability, please send us email.

OpenBSD

Notified:  June 27, 2002 Updated:  June 28, 2002

Status

  Vulnerable

Vendor Statement

[T]he resolver libraries in question got copied far and wide. They used to have a hell of a lot of bugs in them.

Now might be a good time for people to compare each others' libraries to each other. I would urge them to compare against the OpenBSD ones, where we've spent a lot of time on, but of course we still missed this. But perhaps people can then share some around. Not everyone is going to move to the bind9 stuff, since it is very different.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

See: http://www.openbsd.org/errata.html#resolver.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

OpenPKG

Updated:  July 25, 2002

Status

  Vulnerable

Vendor Statement

Please see OpenPKG Security Advisory OpenPKG-SA-2002.006.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Openwall GNU/*/Linux

Updated:  July 01, 2002

Status

  Vulnerable

Vendor Statement

No release or branch of Openwall GNU/*/Linux (Owl) is known to be affected, due to Olaf Kirch's fixes for this problem getting into the GNU C library more than two years ago.

The BIND 4.9.8-OW2 patch and BIND 4.9.9 release (and thus 4.9.9-OW1) include fixes for this vulnerability, originally developed by Jun-ichiro itojun Hagino of NetBSD. The updated patches are available at the usual location:

http://www.openwall.com/bind/
The BIND 4.9.x-OW patches provide certain security features which are not a part of ISC's now deprecated BIND 4 and are recommended for use by sites which chose to stick with BIND 4 for a little longer for whatever reason. They aren't a part of Owl.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Red Hat Inc.

Notified:  June 27, 2002 Updated:  August 09, 2002

Status

  Vulnerable

Vendor Statement

Please see Red Hat Security Advisory RHSA-2002:139 (glibc) and RHSA-2002:133 (libbind).

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Secure Computing Corporation

Notified:  July 02, 2002 Updated:  July 18, 2002

Status

  Vulnerable

Vendor Statement

This is the official Secure Computing response to CERT Advisory CA-2002-19 Buffer Overflow in Multiple DNS Resolver Libraries. Note that we are currently supporting three different firewalls with different solutions to this vulnerability.

GAUNTLET (tm) FIREWALL & VPN (5.X and 6.0)
Gauntlet software users should contact their operating system vendor for a revised version of the library (on Solaris it is libresolv.so, on HP-UX it is libnss_dns.1) in question and apply it as soon as it is available.

GAUNTLET E-PPLIANCE FIREWALL & VPN (EPL 1.X and 2.0)
Gauntlet e-ppliance would be vulnerable to this theoretical attack. Secure Computing engineering is currently examining the issue in preparation for a patch for the e-ppliance 300 and 1000 (all versions).

SIDEWINDER(tm) FIREWALL & VPN (all releases including Sidewinder Appliance)
This buffer overflow vulnerability can not be exploited to gain access to, or gain any valuable information from a Sidewinder. An attack against one of the Sidewinder components using this vulnerability would yield no special privileges (such as root access, shell access, configuration information, etc.) due to Sidewinder's SecureOS(tm) Type Enforcement(tm) technology (TE).

None of Sidewinder's critical services (proxies, ACL engine, etc.) do direct DNS processing. Resolution is done by 'self contained' DNS resolver processes which are not granted Type Enforcement access to any of the services configuration data, nor could it access the data contained by the service sessions, nor even execute a shell. This process has no access to any system resources useful to an attacker. And of course, there is no useful concept of root privilege on Sidewinder.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Sendmail

Updated:  July 01, 2002

Status

  Vulnerable

Vendor Statement

Sendmail uses the BIND resolver API, and is commonly linked with the BIND resolver library (libbind). As a result, Sendmail could be leveraged to exploit this vulnerability.

The custom DNS map TXT record handling issue that was fixed in Sendmail 8.12.5 is a different issue, which is described in VU#814627. The default configuration of Sendmail is not vulnerable to VU#814627.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Slackware

Updated:  August 13, 2002

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Slackware changelogs reflect patches to glibc libraries:


Tue Jul 30 19:45:52 PDT 2002
...
 (* Security fix *)
patches/packages/glibc-2.2.5-i386-3.tgz:  Patched to fix a buffer overflow
  in glibc's DNS resolver functions that look up network addresses.
  Another workaround for this problem is to edit /etc/nsswtich.conf changing:
    networks:       files dns
  to:
    networks:       files
  (* Security fix *)
patches/packages/glibc-solibs-2.2.5-i386-3.tgz:  Patched to fix a buffer
  overflow in glibc's DNS resolver functions that look up network addresses.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Sorceror Linux

Updated:  April 15, 2003

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

<http://www.securityfocus.com/archive/1/314179/2003-03-05/2003-03-11/0>

If you have feedback, comments, or additional information about this vulnerability, please send us email.

SuSE Inc.

Notified:  June 27, 2002 Updated:  July 25, 2002

Status

  Vulnerable

Vendor Statement

-----BEGIN PGP SIGNED MESSAGE-----

______________________________________________________________________________

                        SuSE Security Announcement

        Package:                bind, glibc
       Announcement-ID:        SuSE-SA:2002:026
       Date:                   Tue Jul 09 2002
       Affected products:      7.0, 7.1, 7.2, 7.3, 8.0
SuSE Linux Enterprise Server for S/390,
SuSE Linux Database Server,
SuSE eMail Server III,
SuSE Linux Enterprise Server,
SuSE Linux Firewall on CD
       Vulnerability Type:     buffer overflow
       Severity (1-10):        3
       SuSE default package:   yes
Cross References:CERT CA-2002-19; CVE CAN-2002-0651

    Content of this advisory:
1) security vulnerability resolved: buffer overflow in
  dig, host, and nslookup utilities.
          problem description, discussion, solution and upgrade information
       2) pending vulnerabilities, solutions, workarounds
       3) standard appendix (further information)

______________________________________________________________________________

1)  problem description, brief discussion, solution, upgrade information

    A vulnerability has been discovered in some resolver library
   functions. The affected code goes back to the resolver library
   shipped as part of BIND4; code derived from it has been included
   in later BIND releases as well as the GNU libc.

    The bug itself is a buffer overflow that can be triggered if a
   DNS server sends multiple CNAME records in a DNS response.

    This bug has been fixed for the gethostbyXXX class of functions
   in GNU libc in 1999. Unfortunately, there is similar code in the
   getnetbyXXX functions in recent glibc implementations, and
   the code is enabled by default. However, these functions are
   used by very few applications only, such as ifconfig and ifuser,
   which makes exploits less likely.

    We will make updated glibc packages available as they have gone
   through our build system, but without separate announcements.

    Until glibc patches are available, we recommend that you disable
   DNS lookups of network names in nsswitch.conf. Simply replace the
   line containing the tag "networks:" with this line:

networks: files

    In the unlikely event that you've configured any name to network
   mapping via DNS, make sure you copy this information to
   /etc/networks.

    The resolver bug is also present in the libbind library included
   in BIND. This library is used by utilities from the bindutil package.

    We are therefore providing security updates for bind8 that
   address this vulnerability. As communicated previously (1),
   the SuSE security team is not providing fixes for BIND4 anymore.

    The bind9 packages shipped by SuSE are not vulnerable.

    Please download the update package for your distribution and
   verify its integrity by the methods listed in section 3) of this
   announcement.

    Apply the updata packages (bindutil, bind8) package using

rpm -Fvh bind*.rpm

    If you are running the BIND name server, you should restart the name
   server process by issuing

    rcnamed restart

    Our maintenance customers are being notified individually. The
   packages are being offered to install from the maintenance web.

    References:
(1)
http://www.suse.de/de/support/security/adv004_ssh.html


______________________________________________________________________________

2)  Pending vulnerabilities in SuSE Distributions and Workarounds:

  - There is a format string bug in the "nn" news reader that can
   be exploited by a malicious NNTP server to execute arbitrary
   commands within the client user's account. We will be releasing
   updated packages.

______________________________________________________________________________

3)  standard appendix: authenticity verification, additional information

  - Package authenticity verification:

    SuSE update packages are available on many mirror ftp servers all over
   the world. While this service is being considered valuable and important
   to the free and open source software community, many users wish to be
   sure about the origin of the package and its content before installing
   the package. There are two verification methods that can be used
   independently from each other to prove the authenticity of a downloaded
   file or rpm package:
   1) md5sums as provided in the (cryptographically signed) announcement.
   2) using the internal gpg signatures of the rpm package.

    1) execute the command
       md5sum <name-of-the-file.rpm>
      after you downloaded the file from a SuSE ftp server or its mirrors.
      Then, compare the resulting md5sum with the one that is listed in the
      announcement. Since the announcement containing the checksums is
      cryptographically signed (usually using the key security@suse.de),
      the checksums show proof of the authenticity of the package.
      We disrecommend to subscribe to security lists which cause the
      email message containing the announcement to be modified so that
      the signature does not match after transport through the mailing
      list software.
      Downsides: You must be able to verify the authenticity of the
      announcement in the first place. If RPM packages are being rebuilt
      and a new version of a package is published on the ftp server, all
      md5 sums for the files are useless.

    2) rpm package signatures provide an easy way to verify the authenticity
      of an rpm package. Use the command
       rpm -v --checksig <file.rpm>
      to verify the signature of the package, where <file.rpm> is the
      filename of the rpm package that you have downloaded. Of course,
      package authenticity verification can only target an uninstalled rpm
      package file.
      Prerequisites:
       a) gpg is installed
       b) The package is signed using a certain key. The public part of this
          key must be installed by the gpg program in the directory
          ~/.gnupg/ under the user's home directory who performs the
          signature verification (usually root). You can import the key
          that is used by SuSE in rpm packages for SuSE Linux by saving
          this announcement to a file ("announcement.txt") and
          running the command (do "su -" to be root):
           gpg --batch; gpg < announcement.txt | gpg --import
          SuSE Linux distributions version 7.1 and thereafter install the
          key "build@suse.de" upon installation or upgrade, provided that
          the package gpg is installed. The file containing the public key
          is placed at the toplevel directory of the first CD (pubring.gpg)
          and at
ftp://ftp.suse.com/pub/suse/pubring.gpg-build.suse.de .


  - SuSE runs two security mailing lists to which any interested party may
   subscribe:

    suse-security@suse.com
       -   general/linux/SuSE security discussion.
           All SuSE security announcements are sent to this list.
           To subscribe, send an email to
               <suse-security-subscribe@suse.com>.

    suse-security-announce@suse.com
       -   SuSE's announce-only mailing list.
           Only SuSE's security annoucements are sent to this list.
           To subscribe, send an email to
               <suse-security-announce-subscribe@suse.com>.

    For general information or the frequently asked questions (faq)
   send mail to:
       <suse-security-info@suse.com> or
       <suse-security-faq@suse.com> respectively.

    =====================================================================
   SuSE's security contact is <security@suse.com> or <security@suse.de>.
   The <security@suse.de> public key is listed below.
   =====================================================================
______________________________________________________________________________

    The information in this advisory may be distributed or reproduced,
   provided that the advisory is not modified in any way. In particular,
   it is desired that the cleartext signature shows proof of the
   authenticity of the text.
   SuSE Linux AG makes no warranties of any kind whatsoever with respect
   to the information contained in this security advisory.

Type Bits/KeyID    Date       User ID
pub  2048R/3D25D3D9 1999-03-06 SuSE Security Team <security@suse.de>
pub  1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build@suse.de>

- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see
http://www.gnupg.org

mQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCkYS3yEKeueNWc+z/0Kvff
4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP+Y0PFPboMvKx0FXl/A0d
M+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR8xocQSVCFxcwvwCglVcO
QliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U8c/yE/vdvpN6lF0tmFrK
XBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0ScZqITuZC4CWxJa9GynBE
D3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEhELBeGaPdNCcmfZ66rKUd
G5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtBUVKn4zLUOf6aeBAoV6NM
CC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOoAqajLfvkURHAeSsxXIoE
myW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1nKFvF+rQoU3VTRSBQYWNr
YWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohcBBMRAgAcBQI57vSBBQkD
wmcABAsKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyl8sAJ98BgD40zw0GHJHIf6d
NfnwI2PAsgCgjH1+PnYEl7TFjtZsqhezX7vZvYCIRgQQEQIABgUCOnBeUgAKCRCe
QOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lxyoAejACeOO1HIbActAevk5MUBhNe
LZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWnB/9An5vfiUUE1VQnt+T/EYklES3t
XXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDVwM2OgSEISZxbzdXGnqIlcT08TzBU
D9i579uifklLsnr35SJDZ6ram51/CWOnnaVhUzneOA9gTPSr+/fT3WeVnwJiQCQ3
0kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF5Yryk23pQUPAgJENDEqeU6iIO9Ot
1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3D3EN8C1yPqZd5CvvznYvB6bWBIpW
cRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGuzgpJt9IXSzyohEJB6XG5+D0BiF0E
ExECAB0FAjxqqTQFCQoAgrMFCwcKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyp1f
AJ9dR7saz2KPNwD3U+fy/0BDKXrYGACfbJ8fQcJqCBQxeHvt9yMPDVq0B0W5Ag0E
Oe70khAIAISR0E3ozF/la+oNaRwxHLrCet30NgnxRROYhPaJB/Tu1FQokn2/Qld/
HZnh3TwhBIw1FqrhWBJ7491iAjLR9uPbdWJrn+A7t8kSkPaF3Z/6kyc5a8fas44h
t5h+6HMBzoFCMAq2aBHQRFRNp9Mz1ZvoXXcI1lk1l8OqcUM/ovXbDfPcXsUVeTPT
tGzcAi2jVl9hl3iwJKkyv/RLmcusdsi8YunbvWGFAF5GaagYQo7YlF6UaBQnYJTM
523AMgpPQtsKm9o/w9WdgXkgWhgkhZEeqUS3m5xNey1nLu9iMvq9M/iXnGz4sg6Q
2Y+GqZ+yAvNWjRRou3zSE7Bzg28MI4sAAwYH/2D71Xc5HPDgu87WnBFgmp8MpSr8
QnSs0wwPg3xEullGEocolSb2c0ctuSyeVnCttJMzkukL9TqyF4s/6XRstWirSWaw
JxRLKH6Zjo/FaKsshYKf8gBkAaddvpl3pO0gmUYbqmpQ3xDEYlhCeieXS5MkockQ
1sj2xYdB1xO0ExzfiCiscUKjUFy+mdzUsUutafuZ+gbHog1CN/ccZCkxcBa5IFCH
ORrNjq9pYWlrxsEn6ApsG7JJbM2besW1PkdEoxak74z1senh36m5jQvVjA3U4xq1
wwylxadmmJaJHzeiLfb7G1ZRjZTsB7fyYxqDzMVul6o9BSwO/1XsIAnV1uuITAQY
EQIADAUCOe70kgUJA8JnAAAKCRCoTtronIAKyksiAJsFB3/77SkH3JlYOGrEe1Ol
0JdGwACeKTttgeVPFB+iGJdiwQlxasOfuXyITAQYEQIADAUCPGqpWQUJCgCCxwAK
CRCoTtronIAKyofBAKCSZM2UFyta/fe9WgITK9I5hbxxtQCfX+0ar2CZmSknn3co
SPihn1+OBNyZAQ0DNuEtBAAAAQgAoCRcd7SVZEFcumffyEwfLTcXQjhKzOahzxpo
omuF+HIyU4AGq+SU8sTZ/1SsjhdzzrSAfv1lETACA+3SmLr5KV40Us1w0UC64cwt
A46xowVq1vMlH2Lib+V/qr3b1hE67nMHjysECVx9Ob4gFuKNoR2eqnAaJvjnAT8J
/LoUC20EdCHUqn6v+M9t/WZgC+WNR8cq69uDy3YQhDP/nIan6fm2uf2kSV9A7ZxE
GrwsWl/WX5Q/sQqMWaU6r4az98X3z90/cN+eJJ3vwtA+rm+nxEvyev+jaLuOQBDf
ebh/XA4FZ35xmi+spdiVeJH4F/ubaGlmj7+wDOF3suYAPSXT2QAFEbQlU3VTRSBT
ZWN1cml0eSBUZWFtIDxzZWN1cml0eUBzdXNlLmRlPokBFQMFEDbhLUfkWLKHsco8
RQEBVw4H/1vIdiOLX/7hdzYaG9crQVIk3QwaB5eBbjvLEMvuCZHiY2COUg5QdmPQ
8SlWNZ6k4nu1BLcv2g/pymPUWP9fG4tuSnlUJDrWGm3nhyhAC9iudP2u1YQY37Gb
B6NPVaZiYMnEb4QYFcqv5c/r2ghSXUTYk7etd6SW6WCOpEqizhx1cqDKNZnsI/1X
11pFcO2N7rc6byDBJ1T+cK+F1Ehan9XBt/shryJmv04nli5CXQMEbiqYYMOu8iaA
8AWRgXPCWqhyGhcVD3LRhUJXjUOdH4ZiHCXaoF3zVPxpeGKEQY8iBrDeDyB3wHmj
qY9WCX6cmogGQRgYG6yJqDalLqrDOdmJARUDBRA24S0Ed7LmAD0l09kBAW04B/4p
WH3f1vQn3i6/+SmDjGzUu2GWGq6Fsdwo2hVM2ym6CILeow/K9JfhdwGvY8LRxWRL
hn09j2IJ9P7H1Yz3qDf10AX6V7YILHtchKT1dcngCkTLmDgC4rs1iAAl3f089sRG
BafGPGKv2DQjHfR1LfRtbf0P7c09Tkej1MP8HtQMW9hPkBYeXcwbCjdrVGFOzqx+
AvvJDdT6a+oyRMTFlvmZ83UV5pgoyimgjhWnM1V4bFBYjPrtWMkdXJSUXbR6Q7Pi
RZWCzGRzwbaxqpl3rK/YTCphOLwEMB27B4/fcqtBzgoMOiaZA0M5fFoo54KgRIh0
zinsSx2OrWgvSiLEXXYKiEYEEBECAAYFAjseYcMACgkQnkDjEAAKq6ROVACgjhDM
/3KM+iFjs5QXsnd4oFPOnbkAnjYGa1J3em+bmV2aiCdYXdOuGn4ZiQCVAwUQN7c7
whaQN/7O/JIVAQEB+QP/cYblSAmPXxSFiaHWB+MiUNw8B6ozBLK0QcMQ2YcL6+Vl
D+nSZP20+Ja2nfiKjnibCv5ss83yXoHkYk2Rsa8foz6Y7tHwuPiccvqnIC/c9Cvz
dbIsdxpfsi0qWPfvX/jLMpXqqnPjdIZErgxpwujas1n9016PuXA8K3MJwVjCqSKI
RgQQEQIABgUCOhpCpAAKCRDHUqoysN/3gCt7AJ9adNQMbmA1iSYcbhtgvx9ByLPI
DgCfZ5Wj+f7cnYpFZI6GkAyyczG09sE=
=LRKC
- -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see
http://www.gnupg.org

iQEVAwUBPSyDnney5gA9JdPZAQFmswf8DjL+C4M3TP+iySk7sPqR7znMEO1+Zu5v
SA64ygjQthQUfJAX3LSWndmb7WEZyRvxeH7eOwqftv3o6846c1NdEQfnrJrtv4Ah
c6mPXBnYbY0J3fR9yoz8DdvsOQ/OcOIfzUjNiC5arxEyoD+LbS6bjtNorUio5s/P
q6otWJt+vkVhYHEyZJeA+4T1mrXs1dpGXUh1+k4kytfQ5d3w1Sv2QE5wahB0d0xD
zUXGtGEWTSaO5r3OF3W6zY7pC2hpVTXPrNsgX+WsUFZhl6hgdEhkMAQl7H7doNVy
Ofxp9XrHrDhwEvGKBALMJ8LmjdR0ES+NOs0qGTJTpjQCTuuG8TiOkw==
=e3AP
-----END PGP SIGNATURE-----

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Sun Microsystems Inc.

Notified:  June 27, 2002 Updated:  August 28, 2002

Status

  Vulnerable

Vendor Statement

The Solaris DNS resolver library (libresolv.so) is affected by this issue in all currently supported versions of Solaris:


    Solaris 2.5.1, 2.6, 7, 8, and 9
Sun has released patches as specified in Sun Alert ID .

Sun Security Bulletins are available from:

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

The SCO Group

Notified:  June 27, 2002 Updated:  September 13, 2002

Status

  Vulnerable

Vendor Statement

Please see Caldera Security Advisory CSSA-2002-034.1 (OpenLinux) and CSSA-2002-SCO.37 (UnixWare).

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Trustix

Updated:  August 14, 2002

Status

  Vulnerable

Vendor Statement

Please see Trustix Secure Linux Security Advisory #2002-0061 (BIND) and #2002-0067 (glibc).

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Xerox Corporation

Notified:  June 27, 2002 Updated:  April 15, 2003

Status

  Vulnerable

Vendor Statement

A response to this vulnerability is available from our web site:

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Apple Computer Inc.

Notified:  June 27, 2002 Updated:  July 01, 2002

Status

  Not Vulnerable

Vendor Statement

Mac OS X and Mac OS X Server are not vulnerable to the issue described in this notice.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

GNU adns

Updated:  June 28, 2002

Status

  Not Vulnerable

Vendor Statement

adns is not derived from BIND libresolv. Furthermore, it does not support a gethostbyname-like interface (which is where the bug in BIND libresolv is). Therefore, it is not vulnerable.

For more information on GNU adns, see:

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Microsoft Corporation

Notified:  June 27, 2002 Updated:  June 28, 2002

Status

  Not Vulnerable

Vendor Statement

Microsoft products do not use the libraries in question. Microsoft products are not affected by this issue.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

SGI

Notified:  June 27, 2002 Updated:  July 25, 2002

Status

  Not Vulnerable

Vendor Statement

SGI IRIX is not vulnerable. Please see SGI Security Advisory 20020701-01-I for more information.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

djbdns

Notified:  June 27, 2002 Updated:  April 16, 2003

Status

  Not Vulnerable

Vendor Statement

djbdns does not have these bugs. djbdns has never used any BIND-derived code. djbdns, including the djbdns client library, is covered by a $500 security guarantee. The djbdns client library is free for use by other packages in place of BIND's libresolv. See http://cr.yp.to/djbdns.html.

Elsewhere in this advisory, CERT and the BIND company suggest that administrators do not need to rush to upgrade their libresolv-based clients if they are using BIND 9 caches. The idea is that (1) BIND 9 caches never put CNAME records into the answer section of a DNS packet except at the top and (2) the BIND company believes that these libresolv bugs cannot be triggered by answer sections with all CNAME records at the top.

dnscache, the caching component of djbdns, is like the BIND 9 cache in all relevant respects. Specifically, it never puts CNAME records into the answer section except at the top. (This is the normal behavior for DNS caches; BIND 4 and BIND 8 are abnormal.)

However, it is simply not true that clients are protected by caches. Attackers can send unusual packets directly to clients, using the same well-known techniques used to selectively forge DNS responses. I do not endorse the suggestion of relying on caches (whether BIND 9 or dnscache) as a ``solution'' to the libresolv bugs. All libresolv-based clients must be upgraded immediately.

There are exceptions. Sites that use a local dnscache on every machine, with local firewalls preventing forgery of 127.0.0.1 and with proper IP-address checks in client libraries, are immune to cache-to-client packet forgery, as are sites that use IPSEC. However, even at those sites, libresolv-based clients should be upgraded immediately; the ability of the cache to take control of client programs, rather than simply providing DNS data, is a violation of standard security policy.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

3Com

Notified:  June 27, 2002 Updated:  June 30, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

AT&T

Notified:  June 27, 2002 Updated:  June 30, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Alcatel

Notified:  June 27, 2002 Updated:  June 30, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

BIND/NT

Notified:  July 03, 2002 Updated:  July 03, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

BlueCat Networks

Notified:  July 03, 2002 Updated:  July 03, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Check Point

Notified:  July 03, 2002 Updated:  April 15, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

<http://www.checkpoint.com/techsupport/documentation/smartdefense/2002/cpai-2002-09.html>

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Cisco Systems Inc.

Notified:  June 27, 2002 Updated:  July 06, 2002

Status

  Unknown

Vendor Statement

Cisco Systems is evaluating the vulnerabilities identified by VU#803539. Should an issue be found, Cisco will release a Security Advisory. The most up-to-date information on all Cisco product security issues may be found at

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Computer Associates

Notified:  June 27, 2002 Updated:  June 30, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Data General

Notified:  June 27, 2002 Updated:  June 28, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

F5 Networks

Notified:  June 27, 2002 Updated:  June 30, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Fujitsu

Notified:  June 27, 2002 Updated:  June 27, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

InfoBlox

Notified:  July 03, 2002 Updated:  July 03, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Intel

Notified:  June 27, 2002 Updated:  June 30, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Lotus Software

Notified:  June 27, 2002 Updated:  June 30, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Lucent Technologies

Notified:  June 27, 2002 Updated:  July 02, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Men&Mice

Notified:  July 03, 2002 Updated:  July 03, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

NEC Corporation

Notified:  June 27, 2002 Updated:  June 30, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Nixu

Notified:  July 03, 2002 Updated:  July 03, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Novell

Notified:  July 01, 2002 Updated:  July 26, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Oracle Corporation

Notified:  June 27, 2002 Updated:  June 30, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Process Software

Notified:  June 27, 2002 Updated:  June 30, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Sequent

Notified:  June 27, 2002 Updated:  June 30, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

ShadowSupport

Notified:  July 03, 2002 Updated:  July 03, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Sony Corporation

Notified:  June 27, 2002 Updated:  June 30, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Threshold Networks

Notified:  July 03, 2002 Updated:  July 03, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Unisphere Networks

Notified:  June 27, 2002 Updated:  June 30, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Unisys

Notified:  June 27, 2002 Updated:  June 30, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Wind River Systems Inc.

Updated:  June 26, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

View all 63 vendors View less vendors


CVSS Metrics

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A

References

Acknowledgements

The CERT/CC thanks PINE-CERT for reporting this vulnerability and The FreeBSD Project, the NetBSD Project, and David Conrad of Nominum for information used in this document.

This document was written by Art Manion.

Other Information

CVE IDs: CVE-2002-0651
CERT Advisory: CA-2002-19
Severity Metric: 29.72
Date Public: 2002-06-26
Date First Published: 2002-06-27
Date Last Updated: 2003-04-16 14:37 UTC
Document Revision: 58

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.