--- Begin Message ---
- To: sen_ml@eccosys.com
- Cc: debian-security@lists.debian.org
- Subject: [d-security] Re: CERT Advisory CA-2002-19 Buffer Overflow in Multiple DNS Resolver Libraries
- From: Florian Weimer <Weimer@CERT.Uni-Stuttgart.DE>
- Date: Thu, 04 Jul 2002 08:40:31 +0200
- Message-id: <8765zwt2qo.fsf@CERT.Uni-Stuttgart.DE>
- In-reply-to: <20020704.092822.63130717@message-id.org> (sen_ml@eccosys.com's message of "Thu, 04 Jul 2002 09:28:22 +0900 (JST)")
- References: <87y9cv2sie.fsf@labatt.uhoreg.ca> <20020704.092822.63130717@message-id.org>
sen_ml@eccosys.com writes:
> I see a claim that glibc isn't vulnerable at:
>
> http://www.kb.cert.org/CERT_WEB/vul-notes.nsf/id/AAMN-5BMSW2
>
> Any comments?
GNU libc in its current version does contain incorrect code from BIND
4.9. It is vulnerable, though not in the way initially described by
PINE-CERT. However, most vendors (including, for example, OpenBSD)
have fixed the same vulnerability while addressing the main issues
raised by PINE-CERT.
--
Florian Weimer Weimer@CERT.Uni-Stuttgart.DE
University of Stuttgart http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT fax +49-711-685-5898
--- End Message ---