DProxy Stack-Based Buffer-Overflow Vulnerability

Solution:
The vendor has reportedly stopped maintaining the vulnerable package. The dproxy-nexgen package was created as a replacement for dproxy, and is not vulnerable to this issue.

The reporter of this issue provided the following patch to address it. Symantec has not confirmed or tested this patch.

--- dproxy-0.5/dproxy.c 2000-02-03 04:15:35.000000000 +0100
+++ dproxy-0.5.patched/dproxy.c 2007-03-13 13:07:53.000000000 +0100
@@ -105,7 +105,7 @@
/* child process only here */
signal(SIGCHLD, SIG_IGN);

- strcpy( query_string, pkt.buf );
+ strncpy( query_string, pkt.buf, sizeof(query_string) );
decode_domain_name( query_string );
debug("query: %s\n", query_string );
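
Review bot: the replacement call `strncpy( query_string, pkt.buf, sizeof(query_string) );` bounds the copy but does not guarantee a terminated string. When pkt.buf holds sizeof(query_string) or more bytes before its first NUL, strncpy fills the whole buffer and writes no terminator, and the next two lines, `decode_domain_name( query_string );` and the `%s` in debug(), then read past the end of query_string. Suggest copying at most `sizeof(query_string) - 1` bytes and setting `query_string[sizeof(query_string) - 1] = '\0';` right after the copy. Note also that sizeof(query_string) is the buffer size only if query_string is declared as an array in this scope; the declaration is not visible in this hunk, so that should be confirmed before relying on it.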

Copyright 2010, SecurityFocus