Please find advisory attached.

Mark Lastdrager

--
Pine Internet BV ::  tel. +31-70-3111010 ::  fax. +31-70-3111011
PGP 0xFF0EA728 fpr 57D2 CD16 5908 A8F0 9F33 AAA3 AFA0 24EF FF0E A728
Today's excuse: Radial Telemetry Infiltration
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 -----------------------------------------------------------------------------
 Pine Internet Security Advisory
 -----------------------------------------------------------------------------
 Advisory ID       : PINE-CERT-20020601 
 Authors           : Joost Pol <[EMAIL PROTECTED]>
 Issue date        : 2002-06-25 
 Application       : Multiple
 Version(s)        : Multiple 
 Platforms         : FreeBSD, OpenBSD, NetBSD, maybe more. 
 Availability      : http://www.pine.nl/advisories/pine-cert-20020601.txt
 -----------------------------------------------------------------------------

Synopsis

        There is a remote buffer overflow in the resolver code of libc.

Impact

        Serious.

        Exploitability will vary on application-specific issues.

Description

        There is a slight mistake in the resolver code of libc.

        This will allow an attacker-controlled DNS server to reply
        with a carefully crafted message to (for example) a
        gethostbyname request.
        
        This reply will trigger the buffer overflow

Solution

        FreeBSD, NetBSD and OpenBSD CVS have been updated.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (SunOS)

iD8DBQE9GWfH0jbIKvNgu5MRAthDAKCBd18Ti5TH9Nts5LszRXfVJ+KXOwCfRDx0
rLNudIKentqTZeIXslcTi2c=
=xNWe
-----END PGP SIGNATURE-----

Reply via email to