Re: CERT Advisory CA-2002-19 Buffer Overflow in Multiple DNS Resolver Libraries

2002-07-05 Thread sen_ml
Hi, From: Florian Weimer [EMAIL PROTECTED] Subject: Re: CERT Advisory CA-2002-19 Buffer Overflow in Multiple DNS Resolver Libraries Date: Fri, 05 Jul 2002 12:20:06 +0200 [EMAIL PROTECTED] writes: Ah, I see your in-depth post on Bugtraq now (-; http://msgs.securepoint.com/cgi-bin/get

Re: CERT Advisory CA-2002-19 Buffer Overflow in Multiple DNS Resolver Libraries

2002-07-04 Thread Florian Weimer
[EMAIL PROTECTED] writes: I see a claim that glibc isn't vulnerable at: http://www.kb.cert.org/CERT_WEB/vul-notes.nsf/id/AAMN-5BMSW2 Any comments? GNU libc in its current version does contain incorrect code from BIND 4.9. It is vulnerable, though not in the way initially described by

Re: CERT Advisory CA-2002-19 Buffer Overflow in Multiple DNS Resolver Libraries

2002-07-04 Thread sen_ml
what the rest of summer vacation has in store for us... From: Florian Weimer Subject: Re: CERT Advisory CA-2002-19 Buffer Overflow in Multiple DNS Resolver Libraries Date: Thu, 04 Jul 2002 08:40:31 +0200 [EMAIL PROTECTED] writes: I see a claim that glibc isn't vulnerable at: http

Re: CERT Advisory CA-2002-19 Buffer Overflow in Multiple DNS Resolver Libraries

2002-07-03 Thread sen_ml
[Trying again w/ an attempt to graft on to an existing thread.] Hi, I see a claim that glibc isn't vulnerable at: http://www.kb.cert.org/CERT_WEB/vul-notes.nsf/id/AAMN-5BMSW2 Any comments? -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL

Re: CERT Advisory CA-2002-19 Buffer Overflow in Multiple DNS Resolver Libraries

2002-07-02 Thread sen_ml
Hi, I see a claim that glibc isn't vulnerable at: http://www.kb.cert.org/CERT_WEB/vul-notes.nsf/id/AAMN-5BMSW2 Any comments? (Sorry about breaking the thread -- I only just recently subscribed and don't have the messages in this thread in my mailer) -- To UNSUBSCRIBE, email to [EMAIL

Re: CERT Advisory CA-2002-19 Buffer Overflow in Multiple DNS Resolver Libraries

2002-07-01 Thread J.H.M. Dassen \(Ray\)
On Mon, Jul 01, 2002 at 11:23:08 +0100, Sam Vilain wrote: Does anyone know if this affects Debian? This has been fixed; see http://bugs.debian.org/151342 for details. HTH, Ray -- Gartner Group ?!? Never heard of them. What did they do in computing except manage to put on their tie

Re: CERT Advisory CA-2002-19 Buffer Overflow in Multiple DNS Resolver Libraries

2002-07-01 Thread Sam Vilain
J.H.M. Dassen (Ray) [EMAIL PROTECTED] wrote: Does anyone know if this affects Debian? This has been fixed; see http://bugs.debian.org/151342 for details. Excellent. To summarise that bug report for the benefit of those interested, if you are running any of the following packages: bind9

Re: CERT Advisory CA-2002-19 Buffer Overflow in Multiple DNS Resolver Libraries

2002-07-01 Thread Dominik Thinay
On Mon, 1 Jul 2002 13:02:34 +0100 Sam Vilain [EMAIL PROTECTED] wrote: J.H.M. Dassen (Ray) [EMAIL PROTECTED] wrote: Does anyone know if this affects Debian? This has been fixed; see http://bugs.debian.org/151342 for details. Excellent. To summarise that bug report for the benefit of

RE: CERT Advisory CA-2002-19 Buffer Overflow in Multiple DNS Resolver Libraries

2002-07-01 Thread Jeff Armstrong
-Original Message- From: J.H.M. Dassen (Ray) [mailto:[EMAIL PROTECTED] Sent: 01 July 2002 11:42 Cc: debian-security@lists.debian.org Subject: Re: CERT Advisory CA-2002-19 Buffer Overflow in Multiple DNS Resolver Libraries On Mon, Jul 01, 2002 at 11:23:08 +0100, Sam Vilain wrote

Re: CERT Advisory CA-2002-19 Buffer Overflow in Multiple DNS Resolver Libraries

2002-07-01 Thread J.H.M. Dassen \(Ray\)
On Mon, Jul 01, 2002 at 13:24:37 +0100, Jeff Armstrong wrote: -Original Message- From: J.H.M. Dassen (Ray) [mailto:[EMAIL PROTECTED] This has been fixed; see http://bugs.debian.org/151342 for details. I don't think this is 'fixed'? Sam spoke of libisc4/libdns5 which exist only

RE: CERT Advisory CA-2002-19 Buffer Overflow in Multiple DNS Resolver Libraries

2002-07-01 Thread Jeff Armstrong
-Original Message- From: J.H.M. Dassen (Ray) [mailto:[EMAIL PROTECTED] Sent: 01 July 2002 14:03 To: debian-security@lists.debian.org Subject: Re: CERT Advisory CA-2002-19 Buffer Overflow in Multiple DNS Resolver Libraries On Mon, Jul 01, 2002 at 13:24:37 +0100, Jeff Armstrong

Re: CERT Advisory CA-2002-19 Buffer Overflow in Multiple DNS Resolver Libraries

2002-07-01 Thread Florian Weimer
Jeff Armstrong [EMAIL PROTECTED] writes: libc6 is indeed a big package and the Pine announcement seems rather general, if we are lucky, Debians libresolv.so wont need an update. I wouldn't count on it. But there aren't any updates in the GNU libc CVS yet. -- Florian Weimer

Re: CERT Advisory CA-2002-19 Buffer Overflow in Multiple DNS Resolver Libraries

2002-07-01 Thread Hubert Chan
Jeff == Jeff Armstrong [EMAIL PROTECTED] writes: [...] Jeff libc6 is indeed a big package and the Pine announcement seems Jeff rather general, if we are lucky, Debians libresolv.so wont need an Jeff update. The Pine announcement only mentions the libc from BSD-based systems, which is different

CERT Advisory CA-2002-19 Buffer Overflow in Multiple DNS Resolver Libraries

2002-07-01 Thread Sam Vilain
Does anyone know if this affects Debian? Apologies if this is old hat. Does it just need to be patched in libisc4/libdns5 ? -BEGIN PGP SIGNED MESSAGE- CERT Advisory CA-2002-19 Buffer Overflow in Multiple DNS Resolver Libraries Original release date: June 28, 2002 Last revised

Fw: CERT Advisory CA-2002-19 Buffer Overflow in Multiple DNS Resolver Libraries

2002-06-30 Thread Andrew Tait
- The Matrix - Original Message - From: CERT Advisory cert-advisory@cert.org To: cert-advisory@cert.org Sent: Saturday, June 29, 2002 7:18 AM Subject: CERT Advisory CA-2002-19 Buffer Overflow in Multiple DNS Resolver Libraries -BEGIN PGP SIGNED MESSAGE- CERT Advisory CA-2002-19