OSEC

From: Lubomir Sedlacik (saloXtrmntr.org)
Date: Wed Jun 26 2002 - 18:40:12 CDT

    any closer info? will there be official advisory released?

    thanks,

    ----- Forwarded message from Mark Lastdrager <markpine.nl> -----

    Date: Wed, 26 Jun 2002 09:37:16 +0200
    From: Mark Lastdrager <markpine.nl>
    To: bugtraqsecurityfocus.com
    Cc: vulnwatchvulnwatch.org, vuln-devsecurityfocus.com,
            editorsdaemonnews.org
    Subject: Remote buffer overflow in resolver code of libc

    Please find advisory attached.

    Mark Lastdrager

    --
    Pine Internet BV ::  tel. +31-70-3111010 ::  fax. +31-70-3111011
    PGP 0xFF0EA728 fpr 57D2 CD16 5908 A8F0 9F33 AAA3 AFA0 24EF FF0E A728
    Today's excuse: Radial Telemetry Infiltration
    

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    -----------------------------------------------------------------------------
    Pine Internet Security Advisory
    -----------------------------------------------------------------------------
    Advisory ID       : PINE-CERT-20020601
    Authors           : Joost Pol <joostpine.nl>
    Issue date        : 2002-06-25
    Application       : Multiple
    Version(s)        : Multiple
    Platforms         : FreeBSD, OpenBSD, NetBSD, maybe more.
    Availability      : http://www.pine.nl/advisories/pine-cert-20020601.txt
    -----------------------------------------------------------------------------

    Synopsis

    There is a remote buffer overflow in the resolver code of libc.

    Impact

    Serious.

    Exploitability will vary on application-specific issues.

    Description

    There is a slight mistake in the resolver code of libc.

    This will allow an attacker-controlled DNS server to reply with a carefully crafted message to (for example) a gethostbyname request. This reply will trigger the buffer overflow.

    Solution

    FreeBSD, NetBSD and OpenBSD CVS have been updated.

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.0.7 (SunOS)

    iD8DBQE9GWfH0jbIKvNgu5MRAthDAKCBd18Ti5TH9Nts5LszRXfVJ+KXOwCfRDx0
    rLNudIKentqTZeIXslcTi2c=
    =xNWe
    -----END PGP SIGNATURE-----

    ----- End forwarded message -----

    --
    -- Lubomir Sedlacik <saloXtrmntr.org>   ASCII Ribbon campaign against  /"\ --
    --                  <salosilcnet.org>   e-mail in gratuitous HTML and  \ / --
    --                                      Microsoft proprietary formats   X  --
    -- PGPkey: http://Xtrmntr.org/salo.pgp                                 / \ --
    -- Key Fingerprint: DBEC 8BEC 9A90 ECEC 0FEF 716E 59CE B70B 7E3B 70E2      --

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.0.7 (NetBSD)

    iD8DBQE9GlDcWc63C347cOIRArgHAKDv0ep5YWGaCLoT1DWYpKtDMCm7EgCglAvb
    zeQFo2z+mKFHGPmHurkiHvY=
    =aZDE
    -----END PGP SIGNATURE-----