Home page logo

bugtraq logo Bugtraq mailing list archives

Re: Remote buffer overflow in resolver code of libc
From: Brett Glass <brett () lariat org>
Date: Wed, 26 Jun 2002 17:50:40 -0600

The libc resolver bug (does glibc have the bug too, by the way?) has the potential to affect not only the base operating sytem but everything that's been statically linked with that library. Because the effort involved in rebuilding EVERYTHING is so great, perhaps there's a way to shield systems against this bug without rebuilding them.

What if one were to firewall direct DNS traffic to and from the outside world, requiring all queries to go through a local DNS server (or a "cache," as Dan Bernstein calls it)? The one server would be allowed access to the rest of the world through the firewall, and could ensure that no other machine gets a response that might trigger the bug.

On individual machines, one could direct all queries to localhost and set up one's favorite name daemon (e.g. BIND or djbdns) to "sanitize" incoming responses.

I am not familiar enough with the internals of the varions name daemons to know if they already do this or can easily be modified to do so. Can anyone out there on Bugtraq comment on this approach?

--Brett Glass

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]