OpenBSD Journal

Potential Buffer Overflow in the DNS resolver

Contributed by jose on from the forthcoming-errata dept.

floh writes :
"The errata.html lists a new vulnerability. A buffer overflow in the DNS resolver code, the fix is in the -stable tree already and a source code patch is available here "
I poked it a few times already but didn't find the patch yet. Others have noted that it is forthcoming. Keep your eyes open and apply it when its available (we'll update when it is). Update The first poster pointed out that the availability of patch 007 which fixes this issue. Thanks.

(Comments are closed)


Comments
  1. By Anonymous Coward () on

    http://cvs.openbsd.org/007_resolver.patch

  2. By Noryungi () n o r y u n g i @ y a h o o . c o m on mailto:n o r y u n g i @ y a h o o . c o m


    Errata page was just updated and an ftp:// link has been added.

    Is it me, or are the vulnerabilities becoming more and more embarassing for the project? First OpenSSH, then this...

    This said, to be fair, the errata count for 3.1 is still really low at 7 erratas, with 3 or 4 of thses dated *before* the official release date. Eat your heart out, Micro$oft! =)

  3. By Jedi/Sector One () j@pureftpd.org on http://www.pureftpd.org

    It looks like at least FreeBSD is also vulnerable, as similar fixes were just comitted into the CVS tree.

  4. By Anonymous Coward () on

    Could someone please clarify exactly what is at risk here? Is this the nslookup program? Is it potential for a local root? Is it BIND & remote?? What is this patch for?

  5. By Anonymous Coward () on

    As the patch says, none of the files in /bin and /sbin will pick up the patch. The static setuid files on my OpenBSD 3.0 box are :
    /sbin/ping
    /sbin/ping6
    /sbin/shutdown
    /bin/rcp
    /usr/sbin/pppd

    Use something like
    file * | egrep id | egrep -v dynamicall
    To find dangerous files.

  6. By fansipans () on

    since this patch was committed to cvs to begin with you can always sync your src/lib/libc with the 3.1 patch branch as such:

    $ cd /usr/src/lib/libc
    $ setenv CVSROOT anoncvs@anoncvs.ca.openbsd.org:/cvs
    $ cvs -q up -rOPENBSD_3_1 -Pd

    also note the above comment about statically compiled binaries in /bin and /sbin

  7. By Anonymous Coward () on

    I have an old OpenBSD box which I use for all my personal mail/files. I'm the only user on it so I'm not worried about local vulnerabilities too much. I assume that BIND must be patched, but do we also have to patch any other service, such as smtp, that uses any of the resolver code? Ie, does this mean that sshd is vulnerable to this bug, in addition to the other bugs it recently had? Right now I am switching to djbdns, but I'm just wondering if I need to do something to sshd, too.

  8. By greg () on

    is there a patch available for netbsd somewhere?

  9. By Lawrence Chan () lchan@montevino.com on mailto:lchan@montevino.com


    Hello,

    We are using OpenBSD 3.0 and for the rebuilt binaries concerned with the patch, are they supposed to have the same file size as before rebuild? While the file dates reflect the change, are they truly been recompiled? They have been relinked with 'make obj cleandir depend' and rebuilt with 'make && make install.' Please advice.

    Lawrence Chan
    lchan@montevino.com

Latest Articles

Credits

Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]