Libc Buffer Overflow in gethostnamadr() and getnetnamadr() Functions May Let Remote Users Execute Arbitrary Code
|
SecurityTracker Alert ID: 1004635
|
CVE Reference: CAN-2002-0684
|
Updated: Nov 16 2003
|
Original Entry Date: Jun 26 2002
|
Impact: Execution of arbitrary code via network, Root access via network, User access via network
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Description: A buffer overflow vulnerability was reported in 'libc'. A remote user with control over a DNS server could cause arbitrary code to be executed on the system when the system resolves an address.
Pine Internet released a security advisory for 'libc' warning of a buffer overflow in the resolver code of libc. A remote user with control over a DNS server can send a specially crafted reply to the target host when the target host makes a certain DNS query. The flaw appears to reside in the gethostnamadr() and getnetnamadr() functions.
|
Impact: A remote user could cause arbitrary code to be run on the system in certain situations. The privileges that the code would run with depend on the privileges of the calling routine that uses the affected libc components.
|
Solution: The FreeBSD, NetBSD and OpenBSD CVS source has been updated. Additional alerts will likely be issued for vendor-specific distributions of libc. Check with your vendor for the fix or view the Message History to see if your vendor has issued an alert.
|
Cause: Boundary error
|
Underlying OS: Linux (Any), UNIX (Any)
|
Underlying OS Comments: BSD-based systems are affected; however, this may also affect other UNIX and Linux-based systems.
|
Reported By: Mark Lastdrager <mark@pine.nl>
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
|
Source Message Contents
|
Date: Wed, 26 Jun 2002 09:37:16 +0200
From: Mark Lastdrager <mark@pine.nl>
Subject: [VulnWatch] Remote buffer overflow in resolver code of libc
|
Please find advisory attached.
Mark Lastdrager
--
Pine Internet BV :: tel. +31-70-3111010 :: fax. +31-70-3111011
PGP 0xFF0EA728 fpr 57D2 CD16 5908 A8F0 9F33 AAA3 AFA0 24EF FF0E A728
Today's excuse: Radial Telemetry Infiltration
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
-----------------------------------------------------------------------------
Pine Internet Security Advisory
-----------------------------------------------------------------------------
Advisory ID : PINE-CERT-20020601
Authors : Joost Pol <joost@pine.nl>
Issue date : 2002-06-25
Application : Multiple
Version(s) : Multiple
Platforms : FreeBSD, OpenBSD, NetBSD, maybe more.
Availability : http://www.pine.nl/advisories/pine-cert-20020601.txt
-----------------------------------------------------------------------------
Synopsis
There is a remote buffer overflow in the resolver code of libc.
Impact
Serious.
Exploitability will vary on application-specific issues.
Description
There is a slight mistake in the resolver code of libc.
This will allow an attacker-controlled DNS server to reply
with a carefully crafted message to (for example) a
gethostbyname request.
This reply will trigger the buffer overflow.
Solution
FreeBSD, NetBSD and OpenBSD CVS have been updated.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (SunOS)
iD8DBQE9GWfH0jbIKvNgu5MRAthDAKCBd18Ti5TH9Nts5LszRXfVJ+KXOwCfRDx0
rLNudIKentqTZeIXslcTi2c=
=xNWe
-----END PGP SIGNATURE-----