Buffer Overflow in Multiple Vendors' Domain Name System (DNS) Stub Resolvers

Published: 2002-06-28
Updated: 2002-06-28
Severity: High
Threat level: Remote administrator privileges
Error type: Boundary check error
Exploitation method: Server mode

Affected systems

FreeBSD FreeBSD 4.3 -STABLE

Detailed description

The DNS resolver libraries used by BSD and ISC BIND contain a buffer overflow, and other systems whose DNS resolver libraries derive from ISC BIND are also affected. An attacker who controls DNS responses can execute arbitrary code or cause a denial of service.

The Domain Name System (DNS) provides names, addresses and other related information for IP networks and devices. IP network operating systems access DNS information by querying DNS servers and parsing their responses. When an IP network application needs to access or process DNS information, it calls functions in the stub resolver library, which is part of the underlying network operating system. On BSD-based systems the DNS stub resolver functions are implemented in the system libc, while in ISC BIND they are implemented by libbind.

DNS information has special byte-alignment requirements, so the data must be padded. In the DNS stub resolver functions this padding is not correctly accounted for when the available buffer space is calculated. As a result, an attacker can forge DNS information that causes a buffer overflow when the application parses it, and can use this to execute arbitrary code or cause a denial of service.

Any application that issues outbound DNS queries can expose this vulnerability; it can even be triggered by e-mail sent to Netscape users. Because systems such as IP routers, NAT devices and even firewalls initiate outbound queries, they may be vulnerable as well.

Test code

None

Solution

OpenBSD and FreeBSD patch downloads:

FreeBSD FreeBSD 4.3 -STABLE:
FreeBSD FreeBSD 4.3 -RELENG:
FreeBSD FreeBSD 4.3 -RELEASE:
FreeBSD FreeBSD 4.3:
FreeBSD FreeBSD 4.4 -STABLE:
FreeBSD FreeBSD 4.4 -RELENG:
FreeBSD FreeBSD 4.4:
FreeBSD FreeBSD 4.5 -STABLE:
    FreeBSD Patch resolv.patch
    ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:28/resolv.patch
    Usage detailed in advisory FreeBSD-SA-02:28.resolv.
    FreeBSD Patch resolv.patch.asc
    ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:28/resolv.patch.asc
    Usage detailed in advisory FreeBSD-SA-02:28.resolv.
FreeBSD FreeBSD 4.5 -RELEASE:
    FreeBSD Patch resolv.patch
    ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:28/resolv.patch
    Usage detailed in advisory FreeBSD-SA-02:28.resolv.
    FreeBSD Patch resolv.patch.asc
    ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:28/resolv.patch.asc
    Usage detailed in advisory FreeBSD-SA-02:28.resolv.
FreeBSD FreeBSD 4.5:
    FreeBSD Patch resolv.patch
    ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:28/resolv.patch
    Usage detailed in advisory FreeBSD-SA-02:28.resolv.
    FreeBSD Patch resolv.patch.asc
    ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:28/resolv.patch.asc
    Usage detailed in advisory FreeBSD-SA-02:28.resolv.
FreeBSD FreeBSD 4.6 -RELEASE:
    FreeBSD Patch resolv.patch
    ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:28/resolv.patch
    Usage detailed in advisory FreeBSD-SA-02:28.resolv.
    FreeBSD Patch resolv.patch.asc
    ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:28/resolv.patch.asc
    Usage detailed in advisory FreeBSD-SA-02:28.resolv.
FreeBSD FreeBSD 4.6:
    FreeBSD Patch resolv.patch
    ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:28/resolv.patch
    Usage detailed in advisory FreeBSD-SA-02:28.resolv.
    FreeBSD Patch resolv.patch.asc
    ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:28/resolv.patch.asc
    Usage detailed in advisory FreeBSD-SA-02:28.resolv.
ISC BIND 4.9:
ISC BIND 4.9.3:
ISC BIND 4.9.4:
ISC BIND 4.9.5:
ISC BIND 4.9.6:
ISC BIND 4.9.7:
ISC BIND 8.1:
ISC BIND 8.1.1:
ISC BIND 8.1.2:
ISC BIND 8.2:
ISC BIND 8.2.1:
ISC BIND 8.2.2:
ISC BIND 8.2.3:
NetBSD NetBSD 1.4 x86:
NetBSD NetBSD 1.4 SPARC:
NetBSD NetBSD 1.4 arm32:
NetBSD NetBSD 1.4 Alpha:
NetBSD NetBSD 1.4:
NetBSD NetBSD 1.4.1 x86:
NetBSD NetBSD 1.4.1 SPARC:
NetBSD NetBSD 1.4.1 sh3:
NetBSD NetBSD 1.4.1 arm32:
NetBSD NetBSD 1.4.1 Alpha:
NetBSD NetBSD 1.4.1:
NetBSD NetBSD 1.4.2 x86:
NetBSD NetBSD 1.4.2 SPARC:
NetBSD NetBSD 1.4.2 arm32:
NetBSD NetBSD 1.4.2 Alpha:
NetBSD NetBSD 1.4.2:
NetBSD NetBSD 1.4.3:
NetBSD NetBSD 1.5 x86:
NetBSD NetBSD 1.5 sh3:
NetBSD NetBSD 1.5:
NetBSD NetBSD 1.5.1:
NetBSD NetBSD 1.5.2:
OpenBSD OpenBSD 2.7:
OpenBSD OpenBSD 2.8:
OpenBSD OpenBSD 2.9:
    OpenBSD Patch 027_resolver.patch
    ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/027_resolver.patch
OpenBSD OpenBSD 3.0:
    OpenBSD Patch 025_resolver.patch
    ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/025_resolver.patch
OpenBSD OpenBSD 3.1:
    OpenBSD Patch 007_resolver.patch
    ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.1/common/007_resolver.patch

Related information

References:
http://www.kb.cert.org/vuls/id/803539
http://archives.neohapsis.com/archives/bugtraq/2002-06/0329.html
http://archives.neohapsis.com/archives/bugtraq/2002-06/0337.html
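
The padding miscalculation described under "Detailed description", shown as an added example beside a corrected bounds check. This is illustrative code written for this page, not the code of libc, libbind or the vendor patches; the function names, the 4-byte alignment and the offset-based buffer model (base address assumed aligned) are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ALIGNMENT 4u  /* assumed alignment requirement for stored records */

/* Padding needed to round offset `off` up to the next ALIGNMENT boundary. */
static size_t pad_for(size_t off) {
    return (ALIGNMENT - off % ALIGNMENT) % ALIGNMENT;
}

/* Flawed accounting: the record length is compared with the space left
 * BEFORE padding, but the write position is still advanced by the padding.
 * Nothing is written here; the function only returns the offset one past
 * the last byte such code would touch, or SIZE_MAX if its check rejects. */
size_t end_offset_unchecked(size_t cap, size_t off, size_t n) {
    if (off > cap)
        return SIZE_MAX;
    size_t left = cap - off;          /* never reduced by the padding */
    if (n > left)
        return SIZE_MAX;
    return off + pad_for(off) + n;    /* can exceed cap */
}

/* Corrected accounting: the padding is charged against the remaining space
 * before the record length is compared. Zero-fills the padding, copies the
 * record, and returns the new offset, or SIZE_MAX if it does not fit. */
size_t store_aligned(char *buf, size_t cap, size_t off,
                     const void *rec, size_t n) {
    if (off > cap)
        return SIZE_MAX;
    size_t left = cap - off;
    size_t pad = pad_for(off);
    if (pad > left || n > left - pad)
        return SIZE_MAX;
    memset(buf + off, 0, pad);
    memcpy(buf + off + pad, rec, n);
    return off + pad + n;
}
```

With a 30-byte buffer, a write offset of 13 and a 16-byte record, the flawed check accepts the record even though the padded write would end at offset 32; the corrected function rejects it.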