On 7/25/02 4:11 AM, "Patrick Andry" <pandrywolverinefreight.ca> wrote:
> Probably an exploit based on this:
> (from http://www.isc.org/products/BIND/bind-security.html )
> Name: "libbind buffer overflow"

Just to be clear, this vulnerability does not affect the BIND servers, but
rather any application linked to the resolver library (which many vendors
include in their libc). I'm skeptical that if this exploit is real, it is
based on this bug as the libc in Linux has been fixed since 2.2.5 (1999 or
so, I'm told) and the exploit references recent versions of Linux.

> I don't think that you're seeing a 0-day exploit, but maybe someone at the ISC
> would want a copy of it to check it out.

Yes, they would.

Rgds,
-drc

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]