|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Steven M. Christey (coley_at_LINUS.MITRE.ORG)
Date: Thu Jul 11 2002 - 02:04:40 CDT
It is important to note that this issue applies to more than BIND.
As described in the CERT advisory, this can also affect network
applications that use C libraries like libc and glibc, or derived
code.
As I read it, it may also affect client programs, as implied by CERT:
"[There is a] buffer overflow vulnerability in the way the resolver
handles DNS responses... any DNS resolver implementation that derives
code from either of these libraries may also be vulnerable. Network
applications that makes [sic] use of vulnerable resolver libraries are
likely to be affected, therefore this problem is not limited to DNS or
BIND servers." The problem ultimately stems from a single codebase.
- Steve
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]