• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Multiple Vendor libc DNS Resolver Buffer Overflow Vulnerability

The libc library includes functions which perform DNS lookups. A buffer overflow vulnerability has been reported in versions of libc used by some operating systems. In particular, FreeBSD, NetBSD, OpenBSD and GNU glibc have been reported to suffer from this issue.

The vulnerable code is related to DNS queries. It may be possible for a malicious DNS server to provide a response which will exploit this vulnerability, resulting in the execution of arbitrary code as the vulnerable process. The consequences of exploitation will be highly dependant on the details of individual applications using libc.