From owner-freebsd-security Wed Jun 26 18:00:04 2002
Message-Id: <200206262351.g5QNpFm0029015@drugs.dv.isc.org>
To: Alain Thivillon
Cc: freebsd-security@FreeBSD.ORG
From: Mark.Andrews@isc.org
Subject: Re: bsd libc dns resolving code vulnerable?
In-reply-to: Your message of "Wed, 26 Jun 2002 17:39:54 +0200." <20020626153954.GL9492@roadrunner.rominet.net>
Date: Thu, 27 Jun 2002 09:51:15 +1000
Sender: owner-freebsd-security@FreeBSD.ORG

> > > http://www.pine.nl/advisories/pine-cert-20020601.txt
> > >
> > > Any comments?
> >
> > Fixed in -CURRENT, RELENG_4, and RELENG_4_6 early this morning. I
> > believe Warner is fixing RELENG_4_5 at the moment. When that is done,
> > an advisory will be published.
> >
> > In short: upgrade. Be sure to recompile any statically linked
> > applications that use DNS.
>
> Do you know if using a local caching name server will prevent
> exploitation? In short, does, for example, BIND filter the responses
> leading to an overflow? In this case, I will classify this as a
> non-critical bug, because if someone has root access to your nameserver,
> you are in trouble, even without an overflow in libc.

As long as your nameserver constructs the response and doesn't forward it
you are fine. BIND 9 always constructs the response (UPDATE forwarding
aside). BIND 8 sometimes constructs the response and sometimes forwards it.

Mark

> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews@isc.org
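The distinction Mark draws is that a nameserver which constructs its own reply parses and validates the upstream answer first, so malformed wire bytes never reach the client's libc. The following is an added illustration, not code from the thread, from BIND or from FreeBSD's libc: a strict Python (3.8+) parser of the kind such a resolver applies, which checks every label, compression pointer and RDLENGTH against the message length before copying anything, with a constructed sample reply (the bytes, `build_response` and `accepts` are assumptions made for this example).

```python
import struct

def read_name(msg, off):
    """Parse a name at msg[off:] with every label and pointer bounds-checked; pointers must point backwards."""
    labels, end = [], None
    while True:
        if off >= len(msg):
            raise ValueError("name runs past end of message")
        n = msg[off]
        if n & 0xC0 == 0xC0:                                   # compression pointer
            if off + 2 > len(msg) or (ptr := ((n & 0x3F) << 8) | msg[off + 1]) >= off:
                raise ValueError("compression pointer truncated or not pointing backwards")
            end, off = (off + 2 if end is None else end), ptr   # resume after the first pointer
            continue
        if n > 63 or off + 1 + n > len(msg):
            raise ValueError("label length exceeds 63 or runs past end of message")
        if n == 0:
            return ".".join(labels), (off + 1 if end is None else end)
        labels.append(msg[off + 1:off + 1 + n].decode("latin-1"))
        off += 1 + n

def parse_response(msg):
    """Return [(owner, type, rdata)], raising ValueError on any length that leaves the buffer."""
    if len(msg) < 12: raise ValueError("short header")
    _, _, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    off, records = 12, []
    for _ in range(qd):
        off = read_name(msg, off)[1] + 4                       # skip QTYPE and QCLASS
    for _ in range(an + ns + ar):
        owner, off = read_name(msg, off)
        if off + 10 > len(msg):
            raise ValueError("truncated RR header")
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if off + 10 + rdlen > len(msg):                        # RDATA must lie inside the message
            raise ValueError("RDLENGTH runs past end of message")
        records.append((owner, rtype, msg[off + 10:off + 10 + rdlen]))
        off += 10 + rdlen
    if off > len(msg):
        raise ValueError("truncated question section")
    return records

def build_response(rdlen_field, rdata=b"\x5d\xb8\xd8\x22"):   # constructed sample reply, not real traffic
    q = struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 0) + b"\x07example\x03com\x00\x00\x01\x00\x01"
    return q + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, rdlen_field) + rdata  # A RR, owner via pointer

def accepts(msg):
    try:
        return parse_response(msg) is not None
    except ValueError:
        return False
```

`build_response(4)` is the honest reply and parses to one A record for example.com; `build_response(64)` overstates RDLENGTH and is rejected, as is a reply whose compression pointer refers to itself.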