Does the libc (BIND-4) resolver bug affect MS DNS too?

From: Mikael Olsson (mikael.olssonat_private)
Date: Thu Jun 27 2002 - 11:59:59 PDT

Next message: bugzillaat_private: "[RHSA-2002:127-18] Updated OpenSSH packages fix various security issues"

Previous message: securityat_private: "Security Update: [CSSA-2002-030.0] Linux: OpenSSH Vulnerabilities in Challenge Response Handling"
In reply to: Brett Glass: "Re: Remote buffer overflow in resolver code of libc"
Next in thread: David Conrad: "Re: Remote buffer overflow in resolver code of libc"
Next in thread: Brett Glass: "Re: Remote buffer overflow in resolver code of libc"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Considering that all versions of bind up to 4.9.8 are vulnerable,
and that Microsoft's DNS was (originally) based on bind 4.9.5,
it might be a wise to check how MS DNS (including the NT4 version) 
handles these nastygrams.

$.02

/Mikael Olsson

-- 
Mikael Olsson, Clavister AB
Storgatan 12, Box 393, SE-891 28 ÖRNSKÖLDSVIK, Sweden
Phone: +46 (0)660 29 92 00   Mobile: +46 (0)70 26 222 05
Fax: +46 (0)660 122 50       WWW: http://www.clavister.com

Next message: bugzillaat_private: "[RHSA-2002:127-18] Updated OpenSSH packages fix various security issues"
Previous message: securityat_private: "Security Update: [CSSA-2002-030.0] Linux: OpenSSH Vulnerabilities in Challenge Response Handling"
In reply to: Brett Glass: "Re: Remote buffer overflow in resolver code of libc"
Next in thread: David Conrad: "Re: Remote buffer overflow in resolver code of libc"
Next in thread: Brett Glass: "Re: Remote buffer overflow in resolver code of libc"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Jun 28 2002 - 11:51:00 PDT