CVE-2002-0651
CVSS 7.5
Published: 2002-07-03 00:00:00
Last modified: 2016-10-17 22:21:04

[Original] Buffer overflow in the DNS resolver code used in libc, glibc, and libbind, as derived from ISC BIND, allows remote malicious DNS servers to cause a denial of service and possibly execute arbitrary code via the stub resolvers.


[CNNVD] Multiple Vendor DNS Resolver Library Remote Buffer Overflow Vulnerability (CNNVD-200207-032)

        
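        The libc library in BSD and ISC BIND include DNS lookup functionality used to resolve DNS information.
        The DNS resolver library used by BSD and ISC BIND has a vulnerability in its handling of DNS responses. A remote attacker can exploit it by answering with forged DNS messages, executing arbitrary instructions on the target system with the privileges of the application process that is resolving DNS information.
        The Domain Name System (DNS) provides names, addresses and other information about IP networks and devices. The operating system accesses DNS information by sending DNS requests and parsing DNS responses. When an IP network application needs to access or process DNS information, it calls functions in the DNS stub resolver library, which are part of the underlying network operating system. On BSD-based systems the DNS stub resolver functions are implemented by the system libc library; in ISC BIND they are implemented by libbind.
        The problem is in the functions lib/libc/net/gethnamaddr.c:getanswer() and lib/libc/net/getnetnamadr.c:getnetanswer(). DNS messages have special byte-alignment requirements, which call for padding within the message, and these two functions do not fully take this into account when calculating the available buffer space. The result is a buffer overflow while parsing DNS messages; a carefully crafted DNS response may execute arbitrary instructions with the privileges of the application process that is resolving DNS information.
        Note that this vulnerability differs from an ordinary network daemon buffer overflow: any host that performs outgoing DNS queries may be vulnerable, and an attacker could even trigger it by sending a Netscape user an HTML e-mail with an embedded object that references a forged DNS server. Every application that uses the vulnerable resolver library is therefore affected, and statically linked applications need to be recompiled against the fixed resolver library.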
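
The accounting error described above (alignment padding consumed from the buffer but not charged against the remaining-space counter) can be modelled without touching memory. This is an added illustration, not the libc or libbind source: the function names, the 8-byte alignment unit, the 32-byte capacity and the record sizes are all constructed assumptions.

```c
#include <stddef.h>
#include <stdio.h>

/* Assumed alignment unit for this sketch; a real resolver aligns to a
 * platform-dependent type. */
#define ALIGN_TO 8u

/* Position inside a fixed scratch buffer, tracked as offsets only, so the
 * sketch never performs an out-of-bounds write. */
struct cursor {
    size_t off;   /* next free byte */
    size_t left;  /* bytes the parser believes are still free */
};

/* Constructed record sizes: odd-length names alternating with 4-byte
 * addresses, so every second reservation needs padding. */
static const size_t SAMPLE_SIZES[] = {5, 4, 5, 4, 5, 4, 5, 4};
#define SAMPLE_COUNT (sizeof SAMPLE_SIZES / sizeof SAMPLE_SIZES[0])

/* Bytes needed to round off up to the next multiple of ALIGN_TO. */
static size_t pad_for(size_t off)
{
    return (ALIGN_TO - off % ALIGN_TO) % ALIGN_TO;
}

/* Flawed accounting: the cursor skips the padding, but `left` is only
 * reduced by the record size, so `left` overstates the free space. */
static int reserve_flawed(struct cursor *c, size_t n, size_t *start)
{
    c->off += pad_for(c->off);
    if (n > c->left)
        return -1;
    *start = c->off;
    c->off += n;
    c->left -= n;
    return 0;
}

/* Corrected accounting: padding is charged against `left` before the
 * size check, keeping off + left equal to the buffer capacity. */
static int reserve_checked(struct cursor *c, size_t n, size_t *start)
{
    size_t pad = pad_for(c->off);
    if (pad > c->left || n > c->left - pad)
        return -1;
    c->off += pad;
    c->left -= pad;
    *start = c->off;
    c->off += n;
    c->left -= n;
    return 0;
}

/* Replays SAMPLE_SIZES against a buffer of `cap` bytes and returns the
 * highest end offset that was handed out before a reservation failed. */
static size_t high_water(size_t cap, int checked)
{
    struct cursor c = {0, cap};
    size_t start = 0, top = 0, i;

    for (i = 0; i < SAMPLE_COUNT; i++) {
        int rc = checked ? reserve_checked(&c, SAMPLE_SIZES[i], &start)
                         : reserve_flawed(&c, SAMPLE_SIZES[i], &start);
        if (rc != 0)
            break;
        if (start + SAMPLE_SIZES[i] > top)
            top = start + SAMPLE_SIZES[i];
    }
    return top;
}

int main(void)
{
    size_t cap = 32;
    printf("capacity %zu: flawed accounting reaches offset %zu\n",
           cap, high_water(cap, 0));
    printf("capacity %zu: checked accounting reaches offset %zu\n",
           cap, high_water(cap, 1));
    return 0;
}
```

With the flawed accounting the parser keeps accepting records after the real end of the 32-byte buffer, because each skipped padding byte leaves the counter one byte too generous.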
        

- CVSS (Base Score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (Affected Platforms and Products)

Product and version information (CPE) is not currently available

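- OVAL (Technical Details for Detection)

oval:org.mitre.oval:def:4190 Buffer Overflow in DNS Resolver Library
*OVAL describes in detail how to detect this vulnerability; more technical details for detecting it can be found in the related OVAL definitions.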

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0651
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-0651
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200207-032
(Official data source) CNNVD

- Other Links and Resources

ftp://ftp.caldera.com/pub/updates/OpenServer/CSSA-2002-SCO.39
(UNKNOWN)  CALDERA  CSSA-2002-SCO.39
ftp://ftp.caldera.com/pub/updates/UnixWare/CSSA-2002-SCO.37
(UNKNOWN)  CALDERA  CSSA-2002-SCO.37
ftp://ftp.NetBSD.ORG/pub/NetBSD/security/advisories/NetBSD-SA2002-006.txt.asc
(UNKNOWN)  NETBSD  NetBSD-SA2002-006
ftp://patches.sgi.com/support/free/security/advisories/20020701-01-I/
(UNKNOWN)  SGI  20020701-01-I
http://archives.neohapsis.com/archives/aix/2002-q3/0001.html
(UNKNOWN)  AIXAPAR  IY32746
http://archives.neohapsis.com/archives/linux/engarde/2002-q3/0002.html
(UNKNOWN)  ENGARDE  ESA-20020724-018
http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0000.html
(UNKNOWN)  NTBUGTRAQ  20020703 Buffer overflow and DoS i BIND
http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000507
(UNKNOWN)  CONECTIVA  CLSA-2002:507
http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:038
(UNKNOWN)  MANDRAKE  MDKSA-2002:038
http://marc.info/?l=bugtraq&m=102513011311504&w=2
(UNKNOWN)  BUGTRAQ  20020626 Remote buffer overflow in resolver code of libc
http://marc.info/?l=bugtraq&m=102520962320134&w=2
(UNKNOWN)  FREEBSD  FreeBSD-SA-02:28
http://marc.info/?l=bugtraq&m=102579743329251&w=2
(UNKNOWN)  BUGTRAQ  20020704 [OpenPKG-SA-2002.006] OpenPKG Security Advisory (bind)
http://rhn.redhat.com/errata/RHSA-2002-139.html
(UNKNOWN)  REDHAT  RHSA-2002:139
http://www.cert.org/advisories/CA-2002-19.html
(VENDOR_ADVISORY)  CERT  CA-2002-19
http://www.iss.net/security_center/static/9432.php
(VENDOR_ADVISORY)  XF  dns-resolver-lib-bo(9432)
http://www.kb.cert.org/vuls/id/803539
(UNKNOWN)  CERT-VN  VU#803539
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-043.php
(UNKNOWN)  MANDRAKE  MDKSA-2002:043
http://www.pine.nl/advisories/pine-cert-20020601.txt
(UNKNOWN)  MISC  http://www.pine.nl/advisories/pine-cert-20020601.txt
http://www.redhat.com/support/errata/RHSA-2002-119.html
(UNKNOWN)  REDHAT  RHSA-2002:119
http://www.redhat.com/support/errata/RHSA-2002-133.html
(UNKNOWN)  REDHAT  RHSA-2002:133
http://www.redhat.com/support/errata/RHSA-2002-167.html
(UNKNOWN)  REDHAT  RHSA-2002:167
http://www.redhat.com/support/errata/RHSA-2003-154.html
(UNKNOWN)  REDHAT  RHSA-2003:154
http://www.securityfocus.com/bid/5100
(UNKNOWN)  BID  5100

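- Vulnerability Information

Multiple Vendor DNS Resolver Library Remote Buffer Overflow Vulnerability
High risk  Boundary condition error
2002-07-03 00:00:00 2005-05-13 00:00:00
Remote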
        
        

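- Advisories and Patches

        Workaround:
        If you cannot install the patch or upgrade immediately, CNNVD recommends the following measures to reduce the threat:
        * Vulnerable systems should be configured to use a trusted local caching DNS server that reconstructs all DNS responses, to guard against malicious DNS responses.
        
         All statically linked applications need to be recompiled with the fixed resolver library.
        Vendor patches:
        FreeBSD
        -------
        FreeBSD has released a security advisory (FreeBSD-SA-02:28) and corresponding patches for this issue:
        FreeBSD-SA-02:28:buffer overflow in resolver
        Link: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:28.resolv.asc
        Patch download:
        FreeBSD Patch resolv.patch.asc
        ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:28/resolv.patch.asc
        The steps and commands to patch the software are as follows:
        1) Download the patch:
         # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:28/resolv.patch
         # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:28/resolv.patch.asc
        2) Run the following commands to apply the patch:
         # cd /usr/src
         # patch < /path/to/patch
        3) Rebuild the software.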
        ISC
        ---
        The vendor has fixed this security issue in the latest versions of the software; download them from the vendor's site:
        ftp://ftp.isc.org/isc/bind/src/4.9.9/
        ftp://ftp.isc.org/isc/bind/src/8.2.6/
        ftp://ftp.isc.org/isc/bind/src/8.3.3/
        ftp://ftp.isc.org/isc/bind/contrib/ntbind-8.3.3/
        NetBSD
        ------
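        NetBSD has released a security advisory (NetBSD-SA2002-006) and corresponding patches for this issue:
        NetBSD-SA2002-006:buffer overrun in libc DNS resolver
        Link: ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-006.txt.asc
        The commands to install the updated software are as follows: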
         # cd src
         # cvs update -d -P -r netbsd-1-5 lib/libc/net
         # cd lib/libc
         # make cleandir dependall
         # make install
         # cd ../..
         # make dependall
         # make install
        OpenBSD
        -------
        OpenBSD has released security patches for this issue; download them from the following addresses:
        OpenBSD OpenBSD 2.9:
        OpenBSD Patch 027_resolver.patch
        ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/027_resolver.patch
        OpenBSD OpenBSD 3.0:
        OpenBSD Patch 025_resolver.patch
        ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/025_resolver.patch
        OpenBSD OpenBSD 3.1:
        OpenBSD Patch 007_resolver.patch
        ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.1/common/007_resolver.patch
        RedHat
        ------
        RedHat has released a security advisory (RHSA-2002:133-13) and corresponding patches for this issue:
        RHSA-2002:133-13:Updated bind packages fix buffer overflow in resolver library
        Link: https://www.redhat.com/support/errata/RHSA-2002-133.html
        Patch download:
        Red Hat Linux 6.2:
        SRPMS:
        ftp://updates.redhat.com/6.2/en/os/SRPMS/bind-9.2.1-0.6x.3.src.rpm
        alpha:
        ftp://updates.redhat.com/6.2/en/os/alpha/bind-9.2.1-0.6x.3.alpha.rpm
        ftp://updates.redhat.com/6.2/en/os/alpha/bind-devel-9.2.1-0.6x.3.alpha.rpm
        ftp://updates.redhat.com/6.2/en/os/alpha/bind-utils-9.2.1-0.6x.3.alpha.rpm
        i386:
        ftp://updates.redhat.com/6.2/en/os/i386/bind-9.2.1-0.6x.3.i386.rpm
        ftp://updates.redhat.com/6.2/en/os/i386/bind-devel-9.2.1-0.6x.3.i386.rpm
        ftp://updates.redhat.com/6.2/en/os/i386/bind-utils-9.2.1-0.6x.3.i386.rpm
        sparc:
        ftp://updates.redhat.com/6.2/en/os/sparc/bind-9.2.1-0.6x.3.sparc.rpm
        ftp://updates.redhat.com/6.2/en/os/sparc/bind-devel-9.2.1-0.6x.3.sparc.rpm
        ftp://updates.redhat.com/6.2/en/os/sparc/bind-utils-9.2.1-0.6x.3.sparc.rpm
        Red Hat Linux 7.0:
        SRPMS:
        ftp://updates.redhat.com/7.0/en/os/SRPMS/bind-9.2.1-0.70.2.src.rpm
        alpha:
        ftp://updates.redhat.com/7.0/en/os/alpha/bind-9.2.1-0.70.2.alpha.rpm
        ftp://updates.redhat.com/7.0/en/os/alpha/bind-devel-9.2.1-0.70.2.alpha.rpm
        ftp://updates.redhat.com/7.0/en/os/alpha/bind-utils-9.2.1-0.70.2.alpha.rpm
        i386:
        ftp://updates.redhat.com/7.0/en/os/i386/bind-9.2.1-0.70.2.i386.rpm
        ftp://updates.redhat.com/7.0/en/os/i386/bind-devel-9.2.1-0.70.2.i386.rpm
        ftp://updates.redhat.com/7.0/en/os/i386/bind-utils-9.2.1-0.70.2.i386.rpm
        Red Hat Linux 7.1:
        SRPMS:
        ftp://updates.redhat.com/7.1/en/os/SRPMS/bind-9.2.1-0.71.1.src.rpm
        alpha:
        ftp://updates.redhat.com/7.1/en/os/alpha/bind-9.2.1-0.71.1.alpha.rpm
        ftp://updates.redhat.com/7.1/en/os/alpha/bind-devel-9.2.1-0.71.1.alpha.rpm
        ftp://updates.redhat.com/7.1/en/os/alpha/bind-utils-9.2.1-0.71.1.alpha.rpm
        i386:
        ftp://updates.redhat.com/7.1/en/os/i386/bind-9.2.1-0.71.1.i386.rpm
        ftp://updates.redhat.com/7.1/en/os/i386/bind-devel-9.2.1-0.71.1.i386.rpm
        ftp://updates.redhat.com/7.1/en/os/i386/bind-utils-9.2.1-0.71.1.i386.rpm
        ia64:
        ftp://updates.redhat.com/7.1/en/os/ia64/bind-9.2.1-0.71.1.ia64.rpm
        ftp://updates.redhat.com/7.1/en/os/ia64/bind-devel-9.2.1-0.71.1.ia64.rpm
        ftp://updates.redhat.com/7.1/en/os/ia64/bind-utils-9.2.1-0.71.1.ia64.rpm
        Red Hat Linux 7.2:
        SRPMS:
        

- Vulnerability Information

34753
ISC BIND stub Resolver libbind Crafted Query Remote DoS
Denial of Service
Loss of Availability

- Vulnerability Description

- Timeline

2002-02-26 Unknown
Unknown Unknown

- Solution

Products

Unknown or Incomplete

- Related References

- Vulnerability Credit

Unknown or Incomplete

- Vulnerability Information

Multiple Vendor libc DNS Resolver Buffer Overflow Vulnerability
Boundary Condition Error 5100
Yes No
2002-06-26 12:00:00 2009-07-11 01:56:00
Discovered by Joost Pol <joost@pine.nl>.

- Affected Software Versions

Sun Solaris 2.5.1 _x86
Sun Solaris 2.5.1
Sun Solaris 9
Sun Solaris 8_x86
Sun Solaris 8_sparc
Sun Solaris 7.0_x86
Sun Solaris 7.0
Sun Solaris 2.6_x86
Sun Solaris 2.6
SCO Open Server 5.0.6
SCO Open Server 5.0.5
OpenBSD OpenBSD 2.9
OpenBSD OpenBSD 2.8
OpenBSD OpenBSD 2.7
OpenBSD OpenBSD 3.1
OpenBSD OpenBSD 3.0
NetBSD NetBSD 1.5.3
NetBSD NetBSD 1.5.2
NetBSD NetBSD 1.5.1
NetBSD NetBSD 1.5 x86
NetBSD NetBSD 1.5 sh3
NetBSD NetBSD 1.5
NetBSD NetBSD 1.4.3
NetBSD NetBSD 1.4.2 x86
NetBSD NetBSD 1.4.2 SPARC
NetBSD NetBSD 1.4.2 arm32
NetBSD NetBSD 1.4.2 Alpha
NetBSD NetBSD 1.4.2
NetBSD NetBSD 1.4.1 x86
NetBSD NetBSD 1.4.1 SPARC
NetBSD NetBSD 1.4.1 sh3
NetBSD NetBSD 1.4.1 arm32
NetBSD NetBSD 1.4.1 Alpha
NetBSD NetBSD 1.4.1
NetBSD NetBSD 1.4 x86
NetBSD NetBSD 1.4 SPARC
NetBSD NetBSD 1.4 arm32
NetBSD NetBSD 1.4 Alpha
NetBSD NetBSD 1.4
ISC BIND 9.2.1
+ Caldera OpenUnix 8.0
+ MandrakeSoft Single Network Firewall 7.2
+ Mandriva Linux Mandrake 7.2
+ SCO Unixware 7.1.3
ISC BIND 9.2
ISC BIND 9.1.3
ISC BIND 9.1.2
+ Conectiva Linux 7.0
+ S.u.S.E. Linux 7.2 i386
+ S.u.S.E. Linux 7.2
ISC BIND 9.1.1
ISC BIND 9.1
+ Caldera OpenUnix 8.0
+ HP Secure OS software for Linux 1.0
+ RedHat Linux 7.1 ia64
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 alpha
+ RedHat Linux 7.1
+ S.u.S.E. Linux 7.1 x86
+ S.u.S.E. Linux 7.1 sparc
+ S.u.S.E. Linux 7.1 ppc
+ S.u.S.E. Linux 7.1 alpha
+ S.u.S.E. Linux 7.1
ISC BIND 9.0
+ S.u.S.E. Linux 7.0 sparc
+ S.u.S.E. Linux 7.0 ppc
+ S.u.S.E. Linux 7.0 i386
+ S.u.S.E. Linux 7.0 alpha
+ S.u.S.E. Linux 7.0
ISC BIND 8.2.5
+ OpenPKG OpenPKG 1.0
+ Trustix Secure Linux 1.5
ISC BIND 8.2.4
+ S.u.S.E. Linux 8.1
+ S.u.S.E. Linux 8.0
+ S.u.S.E. Linux 7.3 sparc
+ S.u.S.E. Linux 7.3 ppc
+ S.u.S.E. Linux 7.3
+ Trustix Secure Linux 1.2
ISC BIND 8.2.3
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Server 3.1
+ Caldera OpenLinux Workstation 3.1.1
+ Caldera OpenLinux Workstation 3.1
+ Debian Linux 2.2
+ EnGarde Secure Linux 1.0.1
+ Immunix Immunix OS 7+
ISC BIND 8.2.2 p7
ISC BIND 8.2.2 p6
ISC BIND 8.2.2 p5
+ Caldera OpenLinux Desktop 2.3
+ Caldera UnixWare 7.1.1
+ Conectiva Linux 6.0
+ Conectiva Linux 5.1
+ Conectiva Linux 5.0
+ Conectiva Linux 4.2
+ Conectiva Linux 4.1
+ Conectiva Linux 4.0 es
+ Conectiva Linux 4.0
+ Debian Linux 2.3 sparc
+ Debian Linux 2.3 powerpc
+ Debian Linux 2.3 arm
+ Debian Linux 2.3 alpha
+ Debian Linux 2.3 68k
+ Debian Linux 2.3
+ Debian Linux 2.2 sparc
+ Debian Linux 2.2 powerpc
+ Debian Linux 2.2 arm
+ Debian Linux 2.2 alpha
+ Debian Linux 2.2 68k
+ Debian Linux 2.2
+ IBM AIX 4.3.3
+ IBM AIX 4.3.2
+ IBM AIX 4.3.1
+ IBM AIX 4.3
+ MandrakeSoft Corporate Server 1.0.1
+ MandrakeSoft Single Network Firewall 7.2
+ Mandriva Linux Mandrake 7.2
+ Mandriva Linux Mandrake 7.1
+ Mandriva Linux Mandrake 7.0
+ Mandriva Linux Mandrake 6.1
+ Mandriva Linux Mandrake 6.0
+ RedHat Linux 7.0 J sparc
+ RedHat Linux 7.0 J i386
+ RedHat Linux 7.0 J alpha
+ RedHat Linux 7.0 sparc
+ RedHat Linux 7.0 i386
+ RedHat Linux 7.0 alpha
+ RedHat Linux 6.2 E sparc
+ RedHat Linux 6.2 E i386
+ RedHat Linux 6.2 E alpha
+ RedHat Linux 6.2 sparc
+ RedHat Linux 6.2 i386
+ RedHat Linux 6.2 alpha
+ RedHat Linux 6.1 sparc
+ RedHat Linux 6.1 i386
+ RedHat Linux 6.1 alpha
+ RedHat Linux 6.0 sparc
+ RedHat Linux 6.0 alpha
+ RedHat Linux 6.0
+ RedHat Linux 5.2 sparc
+ RedHat Linux 5.2 i386
+ RedHat Linux 5.2 alpha
+ S.u.S.E. Linux 6.4 ppc
+ S.u.S.E. Linux 6.4 alpha
+ S.u.S.E. Linux 6.4
+ S.u.S.E. Linux 6.3 alpha
+ S.u.S.E. Linux 6.3
+ S.u.S.E. Linux 6.2
+ S.u.S.E. Linux 6.1 alpha
+ S.u.S.E. Linux 6.1
+ S.u.S.E. Linux 6.0
+ SCO eDesktop 2.4
+ SCO eServer 2.3
+ Trustix Trustix Secure Linux 1.1
+ Trustix Trustix Secure Linux 1.0
ISC BIND 8.2.2 p4
ISC BIND 8.2.2 p3
ISC BIND 8.2.2 p2
ISC BIND 8.2.2 p1
ISC BIND 8.2.2
ISC BIND 8.2.1
ISC BIND 8.2
- Caldera OpenLinux 2.2
- Caldera OpenLinux 1.3
- Caldera UnixWare 7.1.1
- IBM AIX 4.3.3
- IBM AIX 4.3.2
- IBM AIX 4.3.1
- IBM AIX 4.3
- RedHat Linux 6.1 i386
- RedHat Linux 6.0
- RedHat Linux 5.2 i386
- RedHat Linux 5.1
- RedHat Linux 5.0
- RedHat Linux 4.2
- RedHat Linux 4.1
- RedHat Linux 4.0
- Slackware Linux 4.0
ISC BIND 8.1.2
+ HP HP-UX 11.11
+ HP HP-UX 11.0
ISC BIND 8.1.1
ISC BIND 8.1
ISC BIND 4.9.8
ISC BIND 4.9.7
+ HP HP-UX 11.0 4
+ HP HP-UX 11.0
+ HP HP-UX 10.24
+ HP HP-UX 10.20
+ HP HP-UX 10.10
ISC BIND 4.9.6
ISC BIND 4.9.5
ISC BIND 4.9.4
ISC BIND 4.9.3
ISC BIND 4.9
IBM AIX 4.3
IBM AIX 5.1
HP LaserJet 9000MFP
HP LaserJet 4100MFP
HP LaserJet 4100
HP JetDirect J6061A
HP JetDirect J6058A
HP JetDirect J6057A
HP JetDirect J6042A
HP JetDirect J6039A
HP JetDirect J6038A
HP JetDirect J6035A
HP JetDirect J4169A
HP JetDirect J4167A
HP HP-UX 11.22
HP HP-UX 11.11
HP HP-UX 11.0 4
HP HP-UX 11.0
HP HP-UX 10.24
HP HP-UX 10.20
HP HP-UX 10.10
HP Digital Sender 9100C
HP colour LaserJet 4550
HP Color LaserJet 4600 0
GNU glibc 2.2.5
GNU glibc 2.2.4
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Server 3.1
+ Caldera OpenLinux Workstation 3.1.1
+ Caldera OpenLinux Workstation 3.1
+ Conectiva Linux 8.0
+ HP Secure OS software for Linux 1.0
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
+ Red Hat Enterprise Linux AS 2.1 IA64
+ Red Hat Enterprise Linux AS 2.1
+ RedHat Enterprise Linux ES 2.1 IA64
+ RedHat Enterprise Linux ES 2.1
+ RedHat Enterprise Linux WS 2.1 IA64
+ RedHat Enterprise Linux WS 2.1
+ RedHat Linux 7.2 i686
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.1 ia64
+ RedHat Linux 7.1 i686
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 alphaev6
+ RedHat Linux 7.1 alpha
+ RedHat Linux 7.0 alphaev6
+ RedHat Linux 7.0 i686
+ RedHat Linux 7.0 i386
+ RedHat Linux 7.0 alpha
+ RedHat Linux Advanced Work Station 2.1
+ S.u.S.E. Linux 8.0 i386
+ S.u.S.E. Linux 8.0
+ S.u.S.E. Linux 7.3 sparc
+ S.u.S.E. Linux 7.3 ppc
+ S.u.S.E. Linux 7.3 i386
+ S.u.S.E. Linux 7.3
+ S.u.S.E. Linux Database Server 0
+ S.u.S.E. Linux Enterprise Server for S/390
+ S.u.S.E. Linux Firewall on CD
+ S.u.S.E. SuSE eMail Server III
+ Sun Linux 5.0.7
+ Sun Linux 5.0.6
+ Sun Linux 5.0.5
+ Sun Linux 5.0.3
+ Sun Linux 5.0
+ SuSE SUSE Linux Enterprise Server 7
GNU glibc 2.2.3
+ Conectiva Linux 7.0
GNU glibc 2.2.2
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
+ S.u.S.E. Linux 7.2 i386
+ S.u.S.E. Linux 7.2
GNU glibc 2.2.1
GNU glibc 2.2
+ S.u.S.E. Linux 7.1 x86
+ S.u.S.E. Linux 7.1 sparc
+ S.u.S.E. Linux 7.1 ppc
+ S.u.S.E. Linux 7.1 alpha
+ S.u.S.E. Linux 7.1
+ Wirex Immunix OS 7+
GNU glibc 2.1.9 and Greater
GNU glibc 2.1.3 -10
+ Debian Linux 2.2
GNU glibc 2.1.3
+ Conectiva Linux 6.0
+ Conectiva Linux 5.1
+ Conectiva Linux 5.0
+ Conectiva Linux graficas
+ Conectiva Linux ecommerce
+ Debian Linux 2.2 sparc
+ Debian Linux 2.2 powerpc
+ Debian Linux 2.2 IA-32
+ Debian Linux 2.2 arm
+ Debian Linux 2.2 alpha
+ Debian Linux 2.2 68k
+ Debian Linux 2.2
+ EnGarde Secure Linux 1.0.1
+ HP Secure OS software for Linux 1.0
+ MandrakeSoft Corporate Server 1.0.1
+ MandrakeSoft Single Network Firewall 7.2
+ Mandriva Linux Mandrake 7.2
+ Mandriva Linux Mandrake 7.1
+ Openwall Openwall GNU/*/Linux 0.1 -stable
+ Red Hat Linux 6.2
+ RedHat Linux 6.2 sparcv9
+ RedHat Linux 6.2 sparc
+ RedHat Linux 6.2 i386
+ RedHat Linux 6.2 alpha
+ S.u.S.E. Linux 7.0 sparc
+ S.u.S.E. Linux 7.0 ppc
+ S.u.S.E. Linux 7.0 i386
+ S.u.S.E. Linux 7.0 alpha
+ S.u.S.E. Linux 7.0
+ S.u.S.E. Linux 6.4 ppc
+ S.u.S.E. Linux 6.4 i386
+ S.u.S.E. Linux 6.4 alpha
+ S.u.S.E. Linux 6.4
+ Trustix Secure Linux 1.5
+ Trustix Secure Linux 1.2
+ Trustix Secure Linux 1.1
+ Trustix Secure Linux 1.0 1
GNU glibc 2.1.2
GNU glibc 2.1.1 -6
+ RedHat Linux 6.0
GNU glibc 2.1.1
GNU glibc 2.1
GNU glibc 2.0.6
GNU glibc 2.0.5
GNU glibc 2.0.4
GNU glibc 2.0.3
GNU glibc 2.0.2
GNU glibc 2.0.1
GNU glibc 2.0
FreeBSD FreeBSD 5.0 alpha
FreeBSD FreeBSD 5.0
FreeBSD FreeBSD 4.6 -RELEASE
FreeBSD FreeBSD 4.6
FreeBSD FreeBSD 4.5 -STABLE
FreeBSD FreeBSD 4.5 -RELEASE
FreeBSD FreeBSD 4.5
FreeBSD FreeBSD 4.4 -STABLE
FreeBSD FreeBSD 4.4 -RELENG
FreeBSD FreeBSD 4.4
FreeBSD FreeBSD 4.3 -STABLE
FreeBSD FreeBSD 4.3 -RELENG
FreeBSD FreeBSD 4.3 -RELEASE
FreeBSD FreeBSD 4.3
Cray UNICOS 9.2 .4
Cray UNICOS 9.2
Cray UNICOS 9.0.2 .5
Cray UNICOS 9.0
Cray UNICOS 8.3
Cray UNICOS 8.0
Astaro Security Linux 2.0 26
Astaro Security Linux 2.0 25
Astaro Security Linux 2.0 24
Astaro Security Linux 2.0 23
Astaro Security Linux 2.0 16

- Unaffected Software Versions

NetBSD NetBSD 1.6
ISC BIND 9.2.2
ISC BIND 9.1.3
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.2 i686
+ RedHat Linux 7.2 i586
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.2
+ S.u.S.E. Linux 8.0 i386
+ S.u.S.E. Linux 8.0
+ S.u.S.E. Linux 7.3 sparc
+ S.u.S.E. Linux 7.3 ppc
+ S.u.S.E. Linux 7.3 i386
+ S.u.S.E. Linux 7.3
ISC BIND 9.1.2
+ Conectiva Linux 7.0
+ S.u.S.E. Linux 7.2 i386
+ S.u.S.E. Linux 7.2
ISC BIND 9.1.1
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
ISC BIND 9.1
+ Caldera OpenUnix 8.0
+ HP Secure OS software for Linux 1.0
+ RedHat Linux 7.1 ia64
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 alpha
+ RedHat Linux 7.1
+ S.u.S.E. Linux 7.1 x86
+ S.u.S.E. Linux 7.1 sparc
+ S.u.S.E. Linux 7.1 ppc
+ S.u.S.E. Linux 7.1 alpha
+ S.u.S.E. Linux 7.1
ISC BIND 9.0
+ S.u.S.E. Linux 7.0 sparc
+ S.u.S.E. Linux 7.0 ppc
+ S.u.S.E. Linux 7.0 i386
+ S.u.S.E. Linux 7.0 alpha
+ S.u.S.E. Linux 7.0
ISC BIND 8.3.3
+ Apple Mac OS X 10.2.2
+ Apple Mac OS X 10.2.1
+ Apple Mac OS X 10.2
+ Apple Mac OS X 10.1.5
+ Apple Mac OS X 10.1.4
+ Apple Mac OS X 10.1.3
+ Apple Mac OS X 10.1.2
+ Apple Mac OS X 10.1.1
+ Apple Mac OS X 10.1
+ Apple Mac OS X 10.1
+ Apple Mac OS X Server 10.2.2
+ Apple Mac OS X Server 10.2.1
+ Apple Mac OS X Server 10.2
+ Apple Mac OS X Server 10.0
+ Debian Linux 3.0
+ FreeBSD FreeBSD 4.7 -RELEASE
+ FreeBSD FreeBSD 4.7
+ MandrakeSoft Single Network Firewall 7.2
+ Mandriva Linux Mandrake 7.2
+ OpenPKG OpenPKG 1.1
+ OpenPKG OpenPKG Current
ISC BIND 8.2.6
+ Conectiva Linux 6.0
+ OpenPKG OpenPKG 1.0
+ Trustix Secure Linux 1.5
+ Trustix Secure Linux 1.2
ISC BIND 4.9.9
Astaro Security Linux 2.0 27

- Discussion

The libc library includes functions which perform DNS lookups. A buffer overflow vulnerability has been reported in versions of libc used by some operating systems. In particular, FreeBSD, NetBSD, OpenBSD and GNU glibc have been reported to suffer from this issue.

The vulnerable code is related to DNS queries. It may be possible for a malicious DNS server to provide a response which will exploit this vulnerability, resulting in the execution of arbitrary code as the vulnerable process. The consequences of exploitation will be highly dependent on the details of individual applications using libc.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

An initial workaround of using a trusted caching DNS server to reconstruct DNS answers was believed to be sufficient. It has since been discovered that this is not a sufficient workaround, and that the only way to properly resolve this vulnerability is to install fixed resolver libraries.

For users of BIND 8, Tim Gladding <tim@gladding.com> has contributed an unofficial BIND 9 patch which may alleviate some difficulties with migration involving the 'multiple-cnames yes;' option in BIND 8. Details are available in his BugTraq post, available as a reference.

Upgrade to the latest version of BIND to eliminate vulnerabilities found in earlier versions. As of this writing, the most current version is 9.2.2.

BIND is available for download from URL:
http://www.isc.org/products/BIND/bind9.html

An alternative solution is to apply a vendor-specific patch. Users should check with their particular vendor to determine the status of their specific patches.

It should be noted that binaries statically linked to libc will need to be recompiled with fixed libraries.

System administrators should contact their individual vendor for upgrade or patch information to fix the BIND DNS resolver code buffer overflow vulnerability.

DNS resolver libraries can be used by multiple applications on most systems. It may be necessary to upgrade or apply multiple patches and then recompile statically linked applications.

Applications that are statically linked must be recompiled using patched resolver libraries. Applications that are dynamically linked do not need to be recompiled; however, running services need to be restarted in order to use the patched resolver libraries.

System administrators should consider the following process when addressing this issue:
1. Patch or obtain updated resolver libraries.
2. Restart any dynamically linked services that make use of the resolver libraries.
3. Recompile any statically linked applications using the patched or updated resolver libraries.

HP has released a revised advisory (HPSBUX0208-209(rev.15)) to address this issue in affected HP-UX systems. Customers who are affected by this issue are advised to apply appropriate patches. Further information regarding obtaining and applying patches is available in the referenced advisory.

HP has released an updated advisory HPSBUX0208-209(rev.14) for HP-UX systems. Preliminary updates for HP-UX 11 and 11.11 are available. Further information on obtaining and applying fixes is available in the referenced HP advisory (HPSBUX0208-209).

FreeBSD releases RELENG_4_5 and RELENG_4_6 are fixed as of 06 June 2002.

FreeBSD has released other upgrades. Users are advised to upgrade their Ports collection and reinstall the affected port.

OpenBSD and FreeBSD patches are available.

Compaq has stated that the impact of this vulnerability is currently being investigated, and has been assigned incident number x-ref:SSRT2270.

Cray has announced that UNICOS is affected by this issue, and has assigned incident ID SPR 722619 to track this issue.

The ISC has announced that BIND 9 is also affected by this vulnerability. ISC BIND 9.2.2 has been released to address this issue in BIND 9.2.x.

Network Appliance has stated that some NetApp systems may be affected, but has not made details publicly available. Users are advised to check NOW (http://now.netapp.com) for further information.

SGI has stated that they are investigating the impact, but have made no further details available.

Apple has announced that Mac OS X and OS X Server are not affected by this issue.

Users of Astaro Secure Linux 2.x are advised to use Up2Date to upgrade to version 2.027.

Users of GNU glibc are advised to update to versions more recent than 2.1.2. Additional vulnerabilities in the process of resolving network names and addresses through DNS can be worked around by editing the file /etc/nsswitch.conf and ensuring that the 'networks:' line does not specify that DNS be used.

SuSE has suggested that users set the appropriate line to read 'networks: files'. SuSE reports that updated glibc packages will be made available in the near future.

HP has recommended that users of HP Secure OS version 1.0 apply the appropriate fixes described in Red Hat Security Advisory RHSA-2002:139.

Caldera has released an advisory with updates. See the attached Caldera advisory for details on obtaining fixes.

HP has made temporary BIND upgrades available for HP-UX installations. The files are located at the following server:

System: hprc.external.hp.com (192.170.19.51)
Login: bind
Password: bind1

HP has updated the fix for HP-UX 10.20. In HP-UX 10.20, the DNS API was part of the C library. The fix now includes an update for the statically linked library. Any programs which used the DNS API must be relinked. HP claims to know of no such programs included by default, however they may be detected by issuing the following command:

strings -a suspect_program | grep "Too many addresses (%d)"

If the string is present, the suspected program should be relinked with the corrected libc.a included in PHCO_26152.depot.

HP has released an updated advisory, HPSBUX0209-218 (rev .1), stating several HP peripheral devices are vulnerable. A firmware upgrade which addresses this issue is available for HP JetDirect Print Servers. Further information on how to obtain and apply the firmware can be found in the attached advisory.

Users of EnGarde Secure Linux are advised to upgrade vulnerable glibc libraries by installing the RPMs listed in the advisory. Further details can be found in the referenced advisory.

NetBSD has issued a new advisory 2002-015. NetBSD 1.6 is not affected by this issue. Users are strongly urged to upgrade their systems to NetBSD 1.6 or to update to the most recent sources of the appropriate branches. Further details are available in the referenced NetBSD advisory.

Conectiva has released an advisory (CLA-2002:535) which contains upgrades. See the referenced advisory for further details on obtaining fixes.

A security fix was provided on October 1st, 2002 for Openwall GNU/*/Linux. Users should contact the vendor to obtain fixed glibc packages.

Red Hat has released a new advisory (RHSA-2002:197-09). Updated glibc and nscd RPMs are available. See the attached advisory for details on obtaining fixes.

Updates are available for Sorceror Linux. These updates can be applied using the following command:

augur synch && augur update

HP has updated security bulletin HPSBUX0208-209. New information about obtaining and applying fixes is available in the referenced advisory.

HP has released HPSBUX0208-209 (rev.12) containing fix information for HP-UX B.10.20 and B.11.04. See the updated advisory for details.

HP has released HPSBUX0208-209 (rev.16) containing fix information. See the updated advisory for details.

Updates are available:


Sun Solaris 8_sparc

OpenBSD OpenBSD 3.0

IBM AIX 5.1
  • IBM IY32746


Sun Solaris 7.0

OpenBSD OpenBSD 3.1

HP HP-UX 11.22

GNU glibc 2.1.3

GNU glibc 2.2.2

GNU glibc 2.2.3

- Related References

 

 
