MandrakeSoft Information for VU#738331

Domain Name System (DNS) resolver libraries vulnerable to read buffer overflow



Vendor Statement

Mandrake Linux 7.1 and 7.2, which ship with BIND 8.x, already have been updated to BIND version 8.3.3, which is not vulnerable to this problem. Mandrake Linux 8.0 and higher ship with BIND 9.x which is also not vulnerable.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References



Most Linux distributions include the GNU glibc library that contains vulnerable DNS resolver functions. MandrakeSoft has also released MDKSA-2002:063 (fetchmail) and MDKSA-2002:075 (nss_ldap).

If you have feedback, comments, or additional information about this vulnerability, please send us email.