DNS Resolver Library
Updated 11/14/02
CAN 2002-0029
CAN 2002-0651
CAN 2002-0684
Impact
A remote attacker could execute arbitrary commands on any
machine running any application which uses a vulnerable
version of the DNS resolver library.
Background
Many applications use the Domain Name System (DNS) to
translate host names (such as host.domain.com) into the IP
addresses used to route traffic across the network.
Applications that use DNS usually do so through a resolver
library: a common body of code, shared by many different
applications, that performs the DNS lookup on their behalf.
The Problem
6/28/02
CAN 2002-0651
CAN 2002-0684
A buffer overflow in both the BIND DNS resolver library and
the BSD DNS resolver library could allow a remote attacker
to execute arbitrary commands. Any application which uses
either of these two resolver libraries is affected.
BIND versions 4.8.3 through 4.9.8, versions 8.0 through
8.2.5, versions 8.3 through 8.3.2, and versions 9.2.0
and 9.2.1 are affected by this vulnerability.
Note that, even though SAINT checks for this vulnerability
only in DNS servers, any application which uses a vulnerable
resolver library is affected, whether or not it is a DNS
server.
11/14/02
CAN 2002-0029
A similar but separate vulnerability affects BIND 4.9.2
through 4.9.10.
Resolution
Install a fixed version of the resolver library from your
vendor when it becomes available. Note that fixing the
library alone is not sufficient for statically-linked
programs, which carry their own copy of the resolver code:
such programs must be recompiled against the fixed library.
For more information, consult the vendor of the particular
application.
Upgrade BIND to version 4.9.11, 8.3.4, or 9.2.2 when
it becomes available. If 9.2.2 is not available, BIND 9
users should use the resolver library from BIND 8.3.3 or
8.3.4.
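The recompile caveat above raises a practical question: which binaries on a host are statically linked and therefore untouched by a library update? The script below is an added check, not part of the SAINT tutorial; it reads each file's ELF program headers and flags binaries with no PT_INTERP (dynamic loader) entry, since those embed libc and libresolv code directly. It assumes a Unix host with ELF executables; the files it scans in the demo are constructed in a temporary directory.

```python
import struct
import tempfile
from pathlib import Path

PT_INTERP = 3  # program header type that names the dynamic loader

def elf_link_type(data: bytes) -> str:
    """Classify an ELF image as 'static', 'dynamic' or 'not-elf' from its program headers."""
    if data[:4] != b"\x7fELF":
        return "not-elf"
    end = "<" if data[5] == 1 else ">"  # EI_DATA: 1 = little-endian, 2 = big-endian
    if data[4] == 2:  # EI_CLASS: 2 = ELF64
        (e_phoff,) = struct.unpack_from(end + "Q", data, 32)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 54)
    else:  # ELF32
        (e_phoff,) = struct.unpack_from(end + "I", data, 28)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 42)
    for i in range(e_phnum):
        (p_type,) = struct.unpack_from(end + "I", data, e_phoff + i * e_phentsize)
        if p_type == PT_INTERP:  # a loader path means libraries are resolved at run time
            return "dynamic"
    return "static"  # no loader: resolver code is compiled into the binary itself

def find_static_binaries(root: str) -> list[str]:
    """List ELF files under root with no dynamic loader; these need a rebuild, not a library update."""
    hits = []
    for p in Path(root).rglob("*"):
        if p.is_file() and not p.is_symlink():
            try:
                kind = elf_link_type(p.read_bytes())
            except (OSError, struct.error):
                continue  # unreadable file or truncated header: skip it
            if kind == "static":
                hits.append(str(p.relative_to(root)))
    return sorted(hits)

def sample_elf64(phdr_types: list[int]) -> bytes:
    """Constructed minimal ELF64 image (header plus empty program headers); test data, not a real binary."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    ehdr = ident + struct.pack("<HHIQQQIHHHHHH", 2, 62, 1, 0, 64, 0, 0, 64, 56, len(phdr_types), 64, 0, 0)
    return ehdr + b"".join(struct.pack("<IIQQQQQQ", t, 0, 0, 0, 0, 0, 0, 0) for t in phdr_types)

def demo() -> list[str]:
    """Write one dynamic, one static and one non-ELF file into a scratch directory and scan it."""
    with tempfile.TemporaryDirectory() as d:
        Path(d, "dyn_tool").write_bytes(sample_elf64([1, 3, 2]))  # PT_LOAD, PT_INTERP, PT_DYNAMIC
        Path(d, "static_tool").write_bytes(sample_elf64([1, 1]))  # PT_LOAD entries only
        Path(d, "script.sh").write_text("#!/bin/sh\necho hi\n")   # not an ELF file
        return find_static_binaries(d)
```

Calling `demo()` returns `['static_tool']`; on a real host, run `find_static_binaries("/usr/local/bin")` or similar and compare the list against the applications known to use the resolver.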
Where can I read more about this?
These vulnerabilities were announced in CERT Advisory
2002-19 and CERT Vulnerability Note #844360.