Bugtraq mailing list archives
Re: SNI-12: BIND Vulnerabilities and Solutions
From: pk () TECHFAK UNI-BIELEFELD DE (Peter Koch)
Date: Wed, 23 Apr 1997 09:14:23 +0200
> BIND allows passing of hostnames larger than MAXHOSTNAMELEN in size to programs. As many programs utilize buffers of size MAXHOSTNAMELEN and copy the results from a query into these buffers, an overflow can occur. This can allow an attacker to execute arbitrary commands on a remote server in a worst case scenario.
You are fixing the wrong problem here. MAXHOSTNAMELEN MUST NOT be used to estimate the length of a domain name returned by gethostby*(). Its sole purpose is to give the size of gethostname()'s return buffer. MAXHOSTNAMELEN is OS dependent, while the maximum length of a domain name (and yes, also a host name) is set to 255 per RFC 1123, section 2.1:

    Host software MUST handle host names of up to 63 characters and SHOULD handle host names of up to 255 characters.

DO NOT destroy the resolver by applying this patch. There are some systems, e.g. AIX 3.2.5, which still have MAXHOSTNAMELEN at 32, so even if it works it will do more harm than good.

-Peter
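The point made in the message above, as an added example that is not part of the original post: a caller that sizes its buffer for the 255-character limit and rejects, rather than truncates, any resolver result that is malformed or does not fit. `DNS_NAME_MAX`, `DNS_LABEL_MAX` and the function names are chosen for this illustration, the 32-byte buffer mirrors the AIX 3.2.5 value mentioned above, and the names fed to it are constructed.

```c
#include <stdio.h>
#include <string.h>
/* Names chosen for this example. 255 is the limit cited in the message
 * (RFC 1123 sec. 2.1); 63 is the per-label limit of RFC 1035. */
#define DNS_NAME_MAX  255
#define DNS_LABEL_MAX 63

/* Return 0 if name respects the 255/63 limits and has no empty label. */
static int dns_name_ok(const char *name)
{
    size_t total = 0, label = 0;
    for (; *name; name++, total++) {
        if (total >= DNS_NAME_MAX) return -1;
        if (*name == '.') {
            if (label == 0) return -1;
            label = 0;
        } else if (++label > DNS_LABEL_MAX) return -1;
    }
    return total > 0 ? 0 : -1;
}

/* Copy a resolver result into dst; reject, never truncate or overflow. */
static int copy_resolved_name(char *dst, size_t dstlen, const char *src)
{
    size_t n;
    if (dst == NULL || dstlen == 0) return -1;
    dst[0] = '\0';
    if (src == NULL || dns_name_ok(src) != 0) return -1;
    if ((n = strlen(src)) >= dstlen) return -1;  /* no room for name + NUL */
    memcpy(dst, src, n + 1);
    return 0;
}

/* Constructed input: a namelen-char name made of 20-char labels. */
static int try_copy(size_t buflen, size_t namelen)
{
    char name[512], buf[512];
    if (namelen >= sizeof name || buflen > sizeof buf) return -1;
    for (size_t i = 0; i < namelen; i++)
        name[i] = (i % 21 == 20) ? '.' : 'a';
    name[namelen] = '\0';
    return copy_resolved_name(buf, buflen, name);
}

int main(void)
{
    printf("40-char name, 32-byte buffer:  %d\n", try_copy(32, 40));
    printf("40-char name, 256-byte buffer: %d\n", try_copy(DNS_NAME_MAX + 1, 40));
    return 0;
}
```

A legitimate 40-character name is refused by the 32-byte buffer and accepted by the 256-byte one, while anything longer than 255 characters is refused regardless of buffer size.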