[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: potential resolver vulnerability?

To: John Miller <johnm@CHI-LLC.com>, misc@openbsd.org
Subject: Re: potential resolver vulnerability?
From: Jeff Bachtel <jeff@cepheid.org>
Date: Wed, 26 Jun 2002 17:21:05 -0500
Content-Disposition: inline
References: <20020626143504.72230110.johnm@chi-llc.com>
User-Agent: Mutt/1.2.5i

FreeBSD and OpenBSD fixed their resolvers within minutes of each
other. If I remember my CVS log correctly, its already been ported
back to OPENBSD_3_1 and 3_0.

jeff

On Wed, Jun 26, 2002 at 02:35:04PM -0700, John Miller wrote:
> On the FreeBSD security mailing list they have released an advisory against a buffer overflow in resolver.
> 
> http://docs.freebsd.org/cgi/getmsg.cgi?fetch=927832+0+current/freebsd-security
> 
> After looking over their patch:
> ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-02:28/resolv.patch 
> 
> I started playing around with porting it to OpenBSD, here's what I have so far:
> 
> resolver.patch

References:
- potential resolver vulnerability?
  - From: John Miller <johnm@CHI-LLC.com>

Prev by Date: Re: -current "sane to try" yet?
Next by Date: Re: Honesty
Prev by thread: Re: potential resolver vulnerability?
Next by thread: Re: potential resolver vulnerability?
Index(es):
- Date
- Thread