os/doc
3
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
doc/share/security/advisories/FreeBSD-SA-02:28.resolv.asc
Bjoern A. Zeeb 3571e53040 Import FreeBSD Security Advisories and Errata Notices, as well as their 
patches for easier mirroring, to eliminate a special copy, to make
www.freebsd.org/security a full copy of security.freebsd.org and be
eventually be the same.

For now files are just sitting there.   The symlinks are missing.

Discussed on:	www (repository location)
Discussed with:	simon (so)
2012-08-15 06:19:40 +00:00

126 lines
5.1 KiB
Text
Raw Blame History

=============================================================================
FreeBSD-SA-02:28.resolv Security Advisory
The FreeBSD Project
Topic: buffer overflow in resolver
Category: core
Module: libc
Announced: 2002-06-26
Credits: Joost Pol <joost@pine.nl>
Affects: All releases prior to and including 4.6-RELEASE
Corrected: 2002-06-26 06:34:18 UTC (RELENG_4)
2002-06-26 08:44:24 UTC (RELENG_4_6)
2002-06-26 18:53:20 UTC (RELENG_4_5)
2002-06-26 21:43:44 UTC (RELENG_4_4)
FreeBSD only: NO
0. Revision History
v1.0 2002-06-26 Initial release
v1.1 2002-06-XX Add RELENG_4_4 update and workaround
I. Background
The resolver implements functions for making, sending and interpreting
query and reply messages with Internet domain name servers.
Hostnames, IP addresses, and other information are queried using the
resolver.
II. Problem Description
DNS messages have specific byte alignment requirements, resulting in
padding in messages. In a few instances in the resolver code, this
padding is not taken into account when computing available buffer
space. As a result, the parsing of a DNS message may result in a
buffer overrun of up to a few bytes for each record included in the
message.
III. Impact
An attacker (either a malicious domain name server or an agent that
can spoof DNS messages) may produce a specially crafted DNS message
that will exploit this bug when parsed by an application using the
resolver. It may be possible for such an exploit to result in the
execution of arbitrary code with the privileges of the resolver-using
application. Though no exploits are known to exist today, since
practically all Internet applications utilize the resolver, the
severity of this issue is high.
IV. Workaround
By using a local caching nameserver that reconstructs all DNS responses,
such as BIND 9, any badly formed DNS responses may be `filtered out',
including malicious ones. Note that the name server must be run locally
on the same host as the resolver-using application, or other measures
must be taken to ensure the integrity of communications between the
name server and the application. Failure to do so may allow the
possibility of spoofed DNS responses which bypass the name server.
V. Solution
Do one of the following:
1) Upgrade your vulnerable system to 4.6-STABLE; or to the RELENG_4_6,
RELENG_4_5, or RELENG_4_4 security branch dated after the correction
date (4.6-RELEASE-p1, 4.5-RELEASE-p7, or 4.4-RELEASE-p14).
2) To patch your present system:
The following patch has been verified to apply to FreeBSD 4.5,
FreeBSD 4.4, and FreeBSD 4.6 systems.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:28/resolv.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:28/resolv.patch.asc
b) Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile the operating systems as described in
<URL:http://www.freebsd.org/doc/handbook/makeworld.html>.
Note that any statically linked applications that are not part of
the base system (i.e. from the Ports Collection or other 3rd-party
sources) must be recompiled.
All affected applications must be restarted for them to use the
corrected library. Though not required, rebooting may be the easiest
way to accomplish this.
VI. Correction details
The following list contains the revision numbers of each file that was
corrected in FreeBSD.
Path Revision
Branch
- -------------------------------------------------------------------------
src/lib/libc/net/gethostbydns.c
RELENG_4 1.27.2.2
RELENG_4_6 1.27.10.1
RELENG_4_5 1.27.8.1
RELENG_4_4 1.27.6.1
src/lib/libc/net/getnetbydns.c
RELENG_4 1.13.2.2
RELENG_4_6 1.13.2.1.8.1
RELENG_4_5 1.13.2.1.6.1
RELENG_4_4 1.13.2.1.4.1
src/lib/libc/net/name6.c
RELENG_4 1.6.2.6
RELENG_4_6 1.6.2.5.8.1
RELENG_4_5 1.6.2.5.6.1
RELENG_4_4 1.6.2.5.4.1
src/sys/conf/newvers.sh
RELENG_4_6 1.44.2.23.2.2
RELENG_4_5 1.44.2.20.2.8
RELENG_4_4 1.44.2.17.2.13
- -------------------------------------------------------------------------
VII. References
<URL:http://www.pine.nl/advisories/pine-cert-20020601.html>
Reference in a new issue View git blame Copy permalink