Vulnerability Development mailing list archives
Re: Remote buffer overflow in resolver code of libc
From: Brett Glass <brett () lariat org>
Date: Wed, 26 Jun 2002 17:50:40 -0600
The libc resolver bug (does glibc have the bug too, by the way?) has the potential to affect not only the base operating sytem but everything that's been statically linked with that library. Because the effort involved in rebuilding EVERYTHING is so great, perhaps there's a way to shield systems against this bug without rebuilding them.
What if one were to firewall direct DNS traffic to and from the outside world, requiring all queries to go through a local DNS server (or a "cache," as Dan Bernstein calls it)? The one server would be allowed access to the rest of the world through the firewall, and could ensure that no other machine gets a response that might trigger the bug.
On individual machines, one could direct all queries to localhost and set up one's favorite name daemon (e.g. BIND or djbdns) to "sanitize" incoming responses.
I am not familiar enough with the internals of the varions name daemons to know if they already do this or can easily be modified to do so. Can anyone out there on Bugtraq comment on this approach?
--Brett Glass
Current thread:
- Remote buffer overflow in resolver code of libc Mark Lastdrager (Jun 26)
- Re: Remote buffer overflow in resolver code of libc Brett Glass (Jun 26)
- Re: Remote buffer overflow in resolver code of libc David Conrad (Jun 27)
- Does the libc (BIND-4) resolver bug affect MS DNS too? Mikael Olsson (Jun 28)
- Re: Remote buffer overflow in resolver code of libc Brett Glass (Jun 26)