ISC Information for VU#738331
Domain Name System (DNS) resolver libraries vulnerable to read buffer overflow
- Vendor Information Help Date Notified:
- Statement Date:
- Date Updated: 16 Oct 2002
Internet Software Consortium Security Advisary.
LIBBIND/LIBRESOLV: Denial of Service.
8 August 2002
BIND 4 prior to 4.9.10
BIND 8 prior to 8.2.5
Type: Denial of service
When looking up address (gethostbyname(), gethostbyaddr()
etc.) a less than maximum sized buffer is passed to
res_search() / res_query(). If the answer is too large
to fit in the buffer the size of buffer required is
returned along with the part of the message that will fit.
This value is not checked and is passed to getanswer which
then may read past the end of the buffer depending up the
contents in the answer section.
THIS DOES NOT AFFECT THE NAMESERVER.
THIS CAN BE TRANSMITTED THROUGH CACHES.
BIND 9 is NOT affected.
BIND 8.3.x is NOT affected.
This bug may exist in other applications that call the
None. Upgrade and re-linking required.
Applications linked against vulnerable versions of the
libraries may die with segmentation violations /
Upgrade to BIND 4.9.10 or preferably BIND 8.3.3.
BIND 4 is officially deprecated. Only security
fixes will be issued for BIND 4.
be prepared to redo the calls res_search(), res_query(),
res_send(), res_nsearch(), res_nquery() and res_send()
with a bigger buffer or take the minimum of the answer
buffer size and the value returned by these calls and
be aware that the answer is truncated.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.