SUMMARY: Patch for "Buffer Overflow in DNS Resolver Libraries"
2007-12-24 23:14:00
admitting publicly that I'm an idiot. :-) I had an anti-spam filter
that, among other things, /dev/null-ed e-mail to my codeprof
mailbox that wasn't from codeprof at codeprof.com. So, I probably
got some replies before I realized this and fixed it, but I never saw
them.
One of my coworkers did open a case with Sun. Supposedly, Solaris is
vulnerable and they are working on a patch. The bugid he gave me is
4708913 (one of the ones I found). Personally, I'm still skeptical
since SunSolve says that the bugid is closed.
That's all I know. Sorry for the lame summary.
--
Mike
>>>>> "Mike" == Mike Fuller <codeprof at mikeandanna.net> writes:
> CERT Advisory CA-2002-19 "Buffer Overflow in Multiple DNS Resolver
> Libraries":
> http://www.cert.org/advisories/CA-2002-19.html
> claims that Solaris is vulnerable; however, I have been unable to
> locate an open bugid to track on SunSolve. There are two (4708913
> and 4710816), but both are closed and have no Patch ID associated
> with them. The only recent patch of libresolv.so I've seen is:
> http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=109326&rev=08
> which does not claim to address this bug and predates the
> announcement by 3 days.
> What's weirder is that I have neither seen mention of it here nor
> seen the usual amount of discussion in Bugtraq, so I have no idea if
> I'm really vulnerable. So, is Solaris vulnerable? And if so, has
> anybody heard what Sun's plans are for a patch?
> BTW, I suppose the correct thing to do in this situation is to just
> open up a case with Sun, but since this should be of general
> interest, I'm asking here. Respond to me and I'll summarize.
Comments
Got something to say?
You must be logged in to post a comment.
