[ESA-20020724-018] Buffer overflow in BIND4-derived resolver code.
Steve Foster
fosters at uk.psi.com
Tue Jul 30 16:54:27 UTC 2002
At 16:53 30/07/02 +0100, you wrote:
>
>At 15:25 30/07/02 GMT, phn at icke-reklam.ipsec.nu wrote:
>
>>Yes, your resolver code is vulnerable.
>>
>>This is not a nameserver problem per se, but is located in the
>>resolver ( part of libc ) + all your statically linked binaries
>>that has resolver code within.
>>
>>The proper upgrade is from sun.
>
>Hi,
>
>does anybody have a link to a specific patch from Sun, as their security
>bulletins seem out of date, and don't have resolver patches listed.
all,
i have found a link to the documents, and the temporary patches, though
they do say they won't necessary release proper patches:
http://de.sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F46042&zone_32=c
ategory%3Asecurity
HTH
Steve
Steve Foster
Senior Systems Administrator
PSINet Europe
Work: +44 (1223) 577322
Mobile: +44 (7720) 425911
More information about the bind-users
mailing list