1 |
- ----------------------------------------------------------------------- |
2 |
GLSA: GENTOO LINUX SECURITY ANNOUNCEMENT |
3 |
- ----------------------------------------------------------------------- |
4 |
PACKAGE : glibc |
5 |
SUMMARY : buffer overflow vulnerability in glibc |
6 |
DATE : Sat Jul 13 21:36:11 UTC 2002 |
7 |
- ----------------------------------------------------------------------- |
8 |
|
9 |
OVERVIEW |
10 |
|
11 |
The DNS resolver code in glibc may allow a remote attacker to send |
12 |
malicious dns responses to execute arbitrary code or cause a denial of |
13 |
service attack on affected systems. |
14 |
|
15 |
DETAIL |
16 |
|
17 |
Any code run by the attacker would run with the same privileges as the |
18 |
process which calls the resolver library. Additionally, the attacker may |
19 |
cause one of the services on the victim machine to make DNS requests to a |
20 |
server under the attacker's control and execute more arbitrary code. |
21 |
|
22 |
http://www.cert.org/advisories/CA-2002-19.html |
23 |
http://bugs.gentoo.org/show_bug.cgi?id=4923 |
24 |
|
25 |
|
26 |
SOLUTION |
27 |
|
28 |
It is recommended that all Gentoo Linux users update their systems as |
29 |
follows. |
30 |
|
31 |
emerge --clean rsync |
32 |
emerge glibc |
33 |
emerge clean |
34 |
|
35 |
- ------------------------------------------------------------------------ |
36 |
MichaelThompson@××××××.com |
37 |
azarah@g.o |
38 |
seemant@g.o |
39 |
drobbins@g.o |
40 |
- ------------------------------------------------------------------------ |