Please find advisory attached.

Mark Lastdrager

--
Pine Internet BV :: tel. +31-70-3111010 :: fax. +31-70-3111011
PGP 0xFF0EA728 fpr 57D2 CD16 5908 A8F0 9F33 AAA3 AFA0 24EF FF0E A728
Today's excuse: Radial Telemetry Infiltration

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

-----------------------------------------------------------------------------
Pine Internet Security Advisory
-----------------------------------------------------------------------------
Advisory ID  : PINE-CERT-20020601
Authors      : Joost Pol <joost@pine.nl>
Issue date   : 2002-06-25
Application  : Multiple
Version(s)   : Multiple
Platforms    : FreeBSD, OpenBSD, NetBSD, maybe more.
Availability : http://www.pine.nl/advisories/pine-cert-20020601.txt
-----------------------------------------------------------------------------

Synopsis

        There is a remote buffer overflow in the resolver code of libc.

Impact

        Serious.

        Exploitability will vary on application-specific issues.

Description

        There is a slight mistake in the resolver code of libc.

        This will allow an attacker-controlled DNS server to reply with a
        carefully crafted message to (for example) a gethostbyname request.

        This reply will trigger the buffer overflow.

Solution

        FreeBSD, NetBSD and OpenBSD CVS have been updated.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (SunOS)

iD8DBQE9GWfH0jbIKvNgu5MRAthDAKCBd18Ti5TH9Nts5LszRXfVJ+KXOwCfRDx0
rLNudIKentqTZeIXslcTi2c=
=xNWe
-----END PGP SIGNATURE-----