Secure Computing Corporation Information for VU#803539
Multiple vendors' Domain Name System (DNS) stub resolvers vulnerable to buffer overflows
- Vendor Information Help Date Notified: 02 Jul 2002
- Statement Date:
- Date Updated: 18 Jul 2002
This is the official Secure Computing response to CERT Advisory CA-2002-19 Buffer Overflow in Multiple DNS Resolver Libraries. Note that we are currently supporting three different firewalls with different solutions to this vulnerability.
GAUNTLET (tm) FIREWALL & VPN (5.X and 6.0)
Gauntlet software users should contact their operating system vendor for a revised version of the library (on Solaris it is libresolv.so, on HP-UX it is libnss_dns.1) in question and apply it as soon as it is available.
GAUNTLET E-PPLIANCE FIREWALL & VPN (EPL 1.X and 2.0)
Gauntlet e-ppliance would be vulnerable to this theoretical attack. Secure Computing engineering is currently examining the issue in preparation for a patch for the e-ppliance 300 and 1000 (all versions).
SIDEWINDER(tm) FIREWALL & VPN (all releases including Sidewinder Appliance)
This buffer overflow vulnerability can not be exploited to gain access to, or gain any valuable information from a Sidewinder. An attack against one of the Sidewinder components using this vulnerability would yield no special privileges (such as root access, shell access, configuration information, etc.) due to Sidewinder's SecureOS(tm) Type Enforcement(tm) technology (TE).
None of Sidewinder's critical services (proxies, ACL engine, etc.) do direct DNS processing. Resolution is done by 'self contained' DNS resolver processes which are not granted Type Enforcement access to any of the services configuration data, nor could it access the data contained by the service sessions, nor even execute a shell. This process has no access to any system resources useful to an attacker. And of course, there is no useful concept of root privilege on Sidewinder.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.