Re: CERT Advisory CA-2002-19 Buffer Overflow in Multiple DNS Resolver Libraries
> I see a claim that glibc isn't vulnerable at:
> Any comments?
GNU libc in its current version does contain incorrect code from BIND
4.9. It is vulnerable, though not in the way initially described by
PINE-CERT. However, most vendors (including, for example, OpenBSD)
have fixed the same vulnerability while addressing the main issues
raised by PINE-CERT.
Florian Weimer Weimer@CERT.Uni-Stuttgart.DE
University of Stuttgart http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT fax +49-711-685-5898