• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Multiple Vendor libc DNS Resolver Information Leakage Vulnerability

It has been reported that under some circumstances libc DNS resolver implementations may read beyond the end of undersized DNS responses. This issue may potentially cause memory contents to be leaked remotely.

Reportedly, this vulnerability is due to undersized buffers being passed to res_search() and res_query() functions. This may result in the contents of some memory being revealed to an attacker.

Any information obtained in this manner may aid an attacker in exploiting other existing vulnerabilities such as those that allow or rely on memory corruption.