OpenBSD Journal

Potential Buffer Overflow in the DNS resolver

Contributed by jose on from the forthcoming-errata dept.

floh writes :
"The errata.html lists a new vulnerability. A buffer overflow in the DNS resolver code, the fix is in the -stable tree already and a source code patch is available here "
I poked it a few times already but didn't find the patch yet. Others have noted that it is forthcoming. Keep your eyes open and apply it when it's available (we'll update when it is). Update: The first poster pointed out the availability of patch 007, which fixes this issue. Thanks.



Comments
  1. By Anonymous Coward () on

    http://cvs.openbsd.org/007_resolver.patch

  2. By Noryungi () n o r y u n g i @ y a h o o . c o m on mailto:n o r y u n g i @ y a h o o . c o m


    Errata page was just updated and an ftp:// link has been added.

    Is it me, or are the vulnerabilities becoming more and more embarrassing for the project? First OpenSSH, then this...

    This said, to be fair, the errata count for 3.1 is still really low at 7 errata, with 3 or 4 of these dated *before* the official release date. Eat your heart out, Micro$oft! =)

  3. By Jedi/Sector One () j@pureftpd.org on http://www.pureftpd.org

    It looks like at least FreeBSD is also vulnerable, as similar fixes were just committed into the CVS tree.

  4. By Anonymous Coward () on

    Could someone please clarify exactly what is at risk here? Is this the nslookup program? Is it potential for a local root? Is it BIND & remote?? What is this patch for?

  5. By Anonymous Coward () on

    As the patch says, none of the files in /bin and /sbin will pick up the patch. The static setuid files on my OpenBSD 3.0 box are:
    /sbin/ping
    /sbin/ping6
    /sbin/shutdown
    /bin/rcp
    /usr/sbin/pppd

    Use something like
    file * | egrep id | egrep -v dynamicall
    To find dangerous files.
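
The check described in the comment above, written out as an added example that is not part of the original thread: it selects files by their setuid/setgid mode bits with find(1), then keeps those that file(1) does not report as dynamically linked, since those carry their own copy of the resolver code and must be rebuilt after libc is patched. The function name `list_static_privileged` is hypothetical, and the directories to scan are passed as arguments.

```sh
#!/bin/sh
# Added example: list privileged binaries that will NOT pick up a patched
# shared libc because they are not dynamically linked.
# Assumption: file(1) includes the words "dynamically linked" in its
# description of dynamic executables; anything else is reported so it
# can be reviewed and rebuilt.

list_static_privileged() {
    for dir in "$@"; do
        # Skip arguments that are not directories instead of failing.
        [ -d "$dir" ] || continue
        # Regular files with the setuid (4000) or setgid (2000) bit set,
        # without crossing into other mounted filesystems.
        find "$dir" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print
    done | while IFS= read -r path; do
        # -b prints only the description, not the file name.
        desc=$(file -b "$path" 2>/dev/null) || continue
        case $desc in
            *"dynamically linked"*)
                # Uses the shared libc; fixed once the library is replaced.
                ;;
            *)
                # Static (or unrecognised) privileged file: needs a rebuild.
                printf '%s\n' "$path"
                ;;
        esac
    done
}

# When run as a script with directory arguments, print the findings,
# for example: sh scan.sh /bin /sbin /usr/bin /usr/sbin
if [ "$#" -gt 0 ]; then
    list_static_privileged "$@"
fi
```

Paths containing newlines are not handled by the read loop; on a stock system tree that is not a concern.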

  6. By fansipans () on

    since this patch was committed to cvs to begin with you can always sync your src/lib/libc with the 3.1 patch branch as such:

    $ cd /usr/src/lib/libc
    $ setenv CVSROOT anoncvs@anoncvs.ca.openbsd.org:/cvs
    $ cvs -q up -rOPENBSD_3_1 -Pd

    also note the above comment about statically compiled binaries in /bin and /sbin

  7. By Anonymous Coward () on

    I have an old OpenBSD box which I use for all my personal mail/files. I'm the only user on it so I'm not worried about local vulnerabilities too much. I assume that BIND must be patched, but do we also have to patch any other service, such as smtp, that uses any of the resolver code? Ie, does this mean that sshd is vulnerable to this bug, in addition to the other bugs it recently had? Right now I am switching to djbdns, but I'm just wondering if I need to do something to sshd, too.

  8. By greg () on

    is there a patch available for netbsd somewhere?

  9. By Lawrence Chan () lchan@montevino.com on mailto:lchan@montevino.com


    Hello,

    We are using OpenBSD 3.0 and for the rebuilt binaries concerned with the patch, are they supposed to have the same file size as before rebuild? While the file dates reflect the change, have they truly been recompiled? They have been relinked with 'make obj cleandir depend' and rebuilt with 'make && make install.' Please advise.

    Lawrence Chan
    lchan@montevino.com

Credits

Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]