[ESA-20020724-018] Buffer overflow in BIND4-derived resolver code.

Steve Foster fosters at uk.psi.com
Tue Jul 30 15:53:59 UTC 2002


At 15:25 30/07/02 GMT, phn at icke-reklam.ipsec.nu wrote:

>Yes, your resolver code is vulnerable.
>
>This is not a nameserver problem per se, but is located in the
>resolver ( part of libc ) + all your statically linked binaries
>that has resolver code within.
>
>The proper upgrade is from sun.

Hi,

does anybody have a link to a specific patch from Sun, as their security
bulletins seem out of date, and don't have resolver patches listed.

we have upgraded all of our customer and internal resolvers to bind9, but i
would also like to apply the updated patches to all of our servers as well..

many ta's

Steve
Steve Foster
Senior Systems Administrator
PSINet Europe
Work: +44 (1223) 577322
Mobile: +44 (7720) 425911


More information about the bind-users mailing list