LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: October 24th, 2014
Linux Security Week: October 20th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
RedHat: 'glibc' Buffer overflow vulnerability Print E-mail
User Rating:      How can I rate this item?
Posted by LinuxSecurity.com Team   
RedHat Linux Updated glibc packages are available to fix two vulnerabilities in theresolver functions. A buffer overflow vulnerability has been found in the way the glibc resolver handles the resolution of network names and addresses via DNS

---------------------------------------------------------------------
                   Red Hat, Inc. Red Hat Security Advisory

Synopsis:          Updated glibc packages fix vulnerabilities in resolver
Advisory ID:       RHSA-2002:139-10
Issue date:        2002-07-11
Updated on:        2002-07-22
Product:           Red Hat Linux
Keywords:          glibc resolver nsswitch strncpy
Cross references:  
Obsoletes:         RHSA-2001:160
CVE Names:         CAN-2002-0684 CAN-2002-0651
---------------------------------------------------------------------

1. Topic:

Updated glibc packages are available to fix two vulnerabilities in the
resolver functions.

2. Relevant releases/architectures:

Red Hat Linux 6.2 - alpha, i386, i686, sparc, sparcv9

Red Hat Linux 7.0 - alpha, alphaev6, i386, i686

Red Hat Linux 7.1 - alpha, alphaev6, i386, i686, ia64

Red Hat Linux 7.2 - i386, i686, ia64

Red Hat Linux 7.3 - i386, i686

3. Problem description:

The glibc package contains standard libraries which are used by
multiple programs on the system.

A buffer overflow vulnerability has been found in the way the glibc
resolver handles the resolution of network names and addresses via DNS (as
per Internet RFC 1011).  Version 2.2.5 of glibc and earlier versions are
affected.  A system would be vulnerable to this issue if the
"networks" database in /etc/nsswitch.conf includes the "dns" entry.  By
default, Red Hat Linux ships with "networks" set to "files" and
is therefore not vulnerable to this issue.  (CAN-2002-0684)

A second, related, issue is a bug in the glibc-compat packages,  which
provide compatibility for applications compiled against glibc version
2.0.x.  Applications compiled against this version (such as those
distributed with early Red Hat Linux releases 5.0, 5.1, and 5.2) could also
be vulnerable to this issue.  (CAN-2002-0651)

These errata packages for Red Hat Linux 7.1 and 7.2 on the Itanium
architecture also include a fix for the strncpy implementation in some
boundary cases.

All users should upgrade to these errata packages which contain patches to
the glibc and glibc-compat libraries and therefore are not vulnerable to
these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade.  Only those
RPMs which are currently installed will be updated.  Those RPMs which are
not installed but included in the list will not be updated.  Note that you
can also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs.

Please note that this update is also available via Red Hat Network.  Many
people find this an easier way to apply updates.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed  (http://bugzilla.Red Hat.com/bugzilla for more info):



6. RPMs required:

Red Hat Linux 6.2:

SRPMS: 
ftp://updates.Red Hat.com/6.2/en/os/SRPMS/glibc-2.1.3-24.src.rpm

alpha: 
ftp://updates.Red Hat.com/6.2/en/os/alpha/glibc-2.1.3-24.alpha.rpm 
ftp://updates.Red Hat.com/6.2/en/os/alpha/glibc-devel-2.1.3-24.alpha.rpm 
ftp://updates.Red Hat.com/6.2/en/os/alpha/glibc-profile-2.1.3-24.alpha.rpm 
ftp://updates.Red Hat.com/6.2/en/os/alpha/nscd-2.1.3-24.alpha.rpm

i386: 
ftp://updates.Red Hat.com/6.2/en/os/i386/glibc-2.1.3-24.i386.rpm 
ftp://updates.Red Hat.com/6.2/en/os/i386/glibc-devel-2.1.3-24.i386.rpm 
ftp://updates.Red Hat.com/6.2/en/os/i386/glibc-profile-2.1.3-24.i386.rpm 
ftp://updates.Red Hat.com/6.2/en/os/i386/nscd-2.1.3-24.i386.rpm

sparc: 
ftp://updates.Red Hat.com/6.2/en/os/sparc/glibc-2.1.3-24.sparc.rpm 
ftp://updates.Red Hat.com/6.2/en/os/sparc/glibc-devel-2.1.3-24.sparc.rpm 
ftp://updates.Red Hat.com/6.2/en/os/sparc/glibc-profile-2.1.3-24.sparc.rpm 
ftp://updates.Red Hat.com/6.2/en/os/sparc/nscd-2.1.3-24.sparc.rpm

sparcv9: 
ftp://updates.Red Hat.com/6.2/en/os/sparcv9/glibc-2.1.3-24.sparcv9.rpm

Red Hat Linux 7.0:

SRPMS: 
ftp://updates.Red Hat.com/7.0/en/os/SRPMS/glibc-2.2.4-18.7.0.4.src.rpm

alpha: 
ftp://updates.Red Hat.com/7.0/en/os/alpha/glibc-2.2.4-18.7.0.4.alpha.rpm 
ftp://updates.Red Hat.com/7.0/en/os/alpha/glibc-common-2.2.4-18.7.0.4.alpha.rpm 
ftp://updates.Red Hat.com/7.0/en/os/alpha/glibc-devel-2.2.4-18.7.0.4.alpha.rpm 
ftp://updates.Red Hat.com/7.0/en/os/alpha/glibc-profile-2.2.4-18.7.0.4.alpha.rpm 
ftp://updates.Red Hat.com/7.0/en/os/alpha/nscd-2.2.4-18.7.0.4.alpha.rpm

alphaev6: 
ftp://updates.Red Hat.com/7.0/en/os/alphaev6/glibc-2.2.4-18.7.0.4.alphaev6.rpm

i386: 
ftp://updates.Red Hat.com/7.0/en/os/i386/glibc-2.2.4-18.7.0.4.i386.rpm 
ftp://updates.Red Hat.com/7.0/en/os/i386/glibc-common-2.2.4-18.7.0.4.i386.rpm 
ftp://updates.Red Hat.com/7.0/en/os/i386/glibc-devel-2.2.4-18.7.0.4.i386.rpm 
ftp://updates.Red Hat.com/7.0/en/os/i386/glibc-profile-2.2.4-18.7.0.4.i386.rpm 
ftp://updates.Red Hat.com/7.0/en/os/i386/nscd-2.2.4-18.7.0.4.i386.rpm

i686: 
ftp://updates.Red Hat.com/7.0/en/os/i686/glibc-2.2.4-18.7.0.4.i686.rpm

Red Hat Linux 7.1:

SRPMS: 
ftp://updates.Red Hat.com/7.1/en/os/SRPMS/glibc-2.2.4-27.src.rpm

alpha: 
ftp://updates.Red Hat.com/7.1/en/os/alpha/glibc-2.2.4-27.alpha.rpm 
ftp://updates.Red Hat.com/7.1/en/os/alpha/glibc-common-2.2.4-27.alpha.rpm 
ftp://updates.Red Hat.com/7.1/en/os/alpha/glibc-devel-2.2.4-27.alpha.rpm 
ftp://updates.Red Hat.com/7.1/en/os/alpha/glibc-profile-2.2.4-27.alpha.rpm 
ftp://updates.Red Hat.com/7.1/en/os/alpha/nscd-2.2.4-27.alpha.rpm

alphaev6: 
ftp://updates.Red Hat.com/7.1/en/os/alphaev6/glibc-2.2.4-27.alphaev6.rpm

i386: 
ftp://updates.Red Hat.com/7.1/en/os/i386/glibc-2.2.4-27.i386.rpm 
ftp://updates.Red Hat.com/7.1/en/os/i386/glibc-common-2.2.4-27.i386.rpm 
ftp://updates.Red Hat.com/7.1/en/os/i386/glibc-devel-2.2.4-27.i386.rpm 
ftp://updates.Red Hat.com/7.1/en/os/i386/glibc-profile-2.2.4-27.i386.rpm 
ftp://updates.Red Hat.com/7.1/en/os/i386/nscd-2.2.4-27.i386.rpm

i686: 
ftp://updates.Red Hat.com/7.1/en/os/i686/glibc-2.2.4-27.i686.rpm

ia64: 
ftp://updates.Red Hat.com/7.1/en/os/ia64/glibc-2.2.4-27.ia64.rpm 
ftp://updates.Red Hat.com/7.1/en/os/ia64/glibc-common-2.2.4-27.ia64.rpm 
ftp://updates.Red Hat.com/7.1/en/os/ia64/glibc-devel-2.2.4-27.ia64.rpm 
ftp://updates.Red Hat.com/7.1/en/os/ia64/glibc-profile-2.2.4-27.ia64.rpm 
ftp://updates.Red Hat.com/7.1/en/os/ia64/nscd-2.2.4-27.ia64.rpm

Red Hat Linux 7.2:

SRPMS: 
ftp://updates.Red Hat.com/7.2/en/os/SRPMS/glibc-2.2.4-27.src.rpm

i386: 
ftp://updates.Red Hat.com/7.2/en/os/i386/glibc-2.2.4-27.i386.rpm 
ftp://updates.Red Hat.com/7.2/en/os/i386/glibc-common-2.2.4-27.i386.rpm 
ftp://updates.Red Hat.com/7.2/en/os/i386/glibc-devel-2.2.4-27.i386.rpm 
ftp://updates.Red Hat.com/7.2/en/os/i386/glibc-profile-2.2.4-27.i386.rpm 
ftp://updates.Red Hat.com/7.2/en/os/i386/nscd-2.2.4-27.i386.rpm

i686: 
ftp://updates.Red Hat.com/7.2/en/os/i686/glibc-2.2.4-27.i686.rpm

ia64: 
ftp://updates.Red Hat.com/7.2/en/os/ia64/glibc-2.2.4-27.ia64.rpm 
ftp://updates.Red Hat.com/7.2/en/os/ia64/glibc-common-2.2.4-27.ia64.rpm 
ftp://updates.Red Hat.com/7.2/en/os/ia64/glibc-devel-2.2.4-27.ia64.rpm 
ftp://updates.Red Hat.com/7.2/en/os/ia64/glibc-profile-2.2.4-27.ia64.rpm 
ftp://updates.Red Hat.com/7.2/en/os/ia64/nscd-2.2.4-27.ia64.rpm

Red Hat Linux 7.3:

SRPMS: 
ftp://updates.Red Hat.com/7.3/en/os/SRPMS/glibc-2.2.5-37.src.rpm

i386: 
ftp://updates.Red Hat.com/7.3/en/os/i386/glibc-2.2.5-37.i386.rpm 
ftp://updates.Red Hat.com/7.3/en/os/i386/glibc-common-2.2.5-37.i386.rpm 
ftp://updates.Red Hat.com/7.3/en/os/i386/glibc-debug-2.2.5-37.i386.rpm 
ftp://updates.Red Hat.com/7.3/en/os/i386/glibc-debug-static-2.2.5-37.i386.rpm 
ftp://updates.Red Hat.com/7.3/en/os/i386/glibc-devel-2.2.5-37.i386.rpm 
ftp://updates.Red Hat.com/7.3/en/os/i386/glibc-profile-2.2.5-37.i386.rpm 
ftp://updates.Red Hat.com/7.3/en/os/i386/glibc-utils-2.2.5-37.i386.rpm 
ftp://updates.Red Hat.com/7.3/en/os/i386/nscd-2.2.5-37.i386.rpm

i686: 
ftp://updates.Red Hat.com/7.3/en/os/i686/glibc-2.2.5-37.i686.rpm 
ftp://updates.Red Hat.com/7.3/en/os/i686/glibc-debug-2.2.5-37.i686.rpm



7. Verification:

MD5 sum                          Package Name
--------------------------------------------------------------------------
9a3e1bff97d347d5d0eaa649285a29e7 6.2/en/os/SRPMS/glibc-2.1.3-24.src.rpm
2e3e177fe6e65d26cdbb96588a9a5d7c 6.2/en/os/alpha/glibc-2.1.3-24.alpha.rpm
eeaabcca9198c433f2e5f4a3c37e9f94 6.2/en/os/alpha/glibc-devel-2.1.3-24.alpha.rpm
e471e5eaddb1096c9e0b6b43d2285e6b 6.2/en/os/alpha/glibc-profile-2.1.3-24.alpha.rpm
0d3567e1ad976fb9968f066d76c1713c 6.2/en/os/alpha/nscd-2.1.3-24.alpha.rpm
55c893993fd3101ce3c3847b03a3fbbe 6.2/en/os/i386/glibc-2.1.3-24.i386.rpm
f9484a4634fce16bed9cdaf098cf861f 6.2/en/os/i386/glibc-devel-2.1.3-24.i386.rpm
aed4c48fbc415b8aefe2c20933bbf6b8 6.2/en/os/i386/glibc-profile-2.1.3-24.i386.rpm
07abd4e9d2181f8948af2fe76784b554 6.2/en/os/i386/nscd-2.1.3-24.i386.rpm
eb0c870314704ed3eb95961f4060cc7c 6.2/en/os/sparc/glibc-2.1.3-24.sparc.rpm
01c54853ad6a5083bb23eda3d43b22a5 6.2/en/os/sparc/glibc-devel-2.1.3-24.sparc.rpm
e39a6b9420f251d11cad05032bf0275b 6.2/en/os/sparc/glibc-profile-2.1.3-24.sparc.rpm
decd8617187517c68d7fa0d0438adf12 6.2/en/os/sparc/nscd-2.1.3-24.sparc.rpm
f60261b7b32f5a627267e06306af56f5 6.2/en/os/sparcv9/glibc-2.1.3-24.sparcv9.rpm
5b64505518a0dcc4d6b023f0c7af3960 7.0/en/os/SRPMS/glibc-2.2.4-18.7.0.4.src.rpm
10d795dcdfc8756f03219f116182d702 7.0/en/os/alpha/glibc-2.2.4-18.7.0.4.alpha.rpm
90714b1817aa083dec2e57477043caf6 7.0/en/os/alpha/glibc-common-2.2.4-18.7.0.4.alpha.rpm
0b61592283a9640030c127a5cd124336 7.0/en/os/alpha/glibc-devel-2.2.4-18.7.0.4.alpha.rpm
6e5da4f63088606f19777233d68ab296 7.0/en/os/alpha/glibc-profile-2.2.4-18.7.0.4.alpha.rpm
739a998a00fc67c4e6a5170e55d17cb5 7.0/en/os/alpha/nscd-2.2.4-18.7.0.4.alpha.rpm
39dc3b3b9a963a3c7348a73c0a2ff7f8 7.0/en/os/alphaev6/glibc-2.2.4-18.7.0.4.alphaev6.rpm
321393b42a53d31f69b6eaffc9f2102a 7.0/en/os/i386/glibc-2.2.4-18.7.0.4.i386.rpm
50afc752fff2c878011119e1b37e8571 7.0/en/os/i386/glibc-common-2.2.4-18.7.0.4.i386.rpm
78ab2c22d7b8612016a89907dcbd0d29 7.0/en/os/i386/glibc-devel-2.2.4-18.7.0.4.i386.rpm
87d4668630cfd074fefd150475f1e5e5 7.0/en/os/i386/glibc-profile-2.2.4-18.7.0.4.i386.rpm
d513dc5efa2d875866ffbdd244a92a67 7.0/en/os/i386/nscd-2.2.4-18.7.0.4.i386.rpm
e35c630998bd879e88f1ab9bb9b74d72 7.0/en/os/i686/glibc-2.2.4-18.7.0.4.i686.rpm
8b5c7cb9220631e68050637383b9c29d 7.1/en/os/SRPMS/glibc-2.2.4-27.src.rpm
d70b222f0e4a3ab20968857c68b683ce 7.1/en/os/alpha/glibc-2.2.4-27.alpha.rpm
8bb579b8a232b90550291904d4078449 7.1/en/os/alpha/glibc-common-2.2.4-27.alpha.rpm
5923ddfbc622ab02ef63a08607c32b00 7.1/en/os/alpha/glibc-devel-2.2.4-27.alpha.rpm
a2701ab8e56f3ed77d62d7de84dd7ce4 7.1/en/os/alpha/glibc-profile-2.2.4-27.alpha.rpm
01be31be9c13facb3f88b3717c0e3319 7.1/en/os/alpha/nscd-2.2.4-27.alpha.rpm
de454e55e66522bd40739370092422ba 7.1/en/os/alphaev6/glibc-2.2.4-27.alphaev6.rpm
eeafe747b480543489d3d91c496af3bc 7.1/en/os/i386/glibc-2.2.4-27.i386.rpm
b75ad5323c294daf1dc53c8bd74bdae2 7.1/en/os/i386/glibc-common-2.2.4-27.i386.rpm
75ddc348fa944e0df55bb8351a0988e3 7.1/en/os/i386/glibc-devel-2.2.4-27.i386.rpm
915abdc16175ec8ee07adbaf406b563d 7.1/en/os/i386/glibc-profile-2.2.4-27.i386.rpm
8c4b8d913b56910d1eb043cd8fb7dadf 7.1/en/os/i386/nscd-2.2.4-27.i386.rpm
8c33fbd6a3a0e40c22e8892a624bd398 7.1/en/os/i686/glibc-2.2.4-27.i686.rpm
c5a61c4a96e0c89cb94c5755b9d640df 7.1/en/os/ia64/glibc-2.2.4-27.ia64.rpm
2753a1d09ef0294dd611283a6dc01279 7.1/en/os/ia64/glibc-common-2.2.4-27.ia64.rpm
175abe8553824db00c84fd7ba23150d6 7.1/en/os/ia64/glibc-devel-2.2.4-27.ia64.rpm
f3774fb87287ad7cd9e083d062cda348 7.1/en/os/ia64/glibc-profile-2.2.4-27.ia64.rpm
7e7c12abfea5507a0a5cc8744072c747 7.1/en/os/ia64/nscd-2.2.4-27.ia64.rpm
8b5c7cb9220631e68050637383b9c29d 7.2/en/os/SRPMS/glibc-2.2.4-27.src.rpm
eeafe747b480543489d3d91c496af3bc 7.2/en/os/i386/glibc-2.2.4-27.i386.rpm
b75ad5323c294daf1dc53c8bd74bdae2 7.2/en/os/i386/glibc-common-2.2.4-27.i386.rpm
75ddc348fa944e0df55bb8351a0988e3 7.2/en/os/i386/glibc-devel-2.2.4-27.i386.rpm
915abdc16175ec8ee07adbaf406b563d 7.2/en/os/i386/glibc-profile-2.2.4-27.i386.rpm
8c4b8d913b56910d1eb043cd8fb7dadf 7.2/en/os/i386/nscd-2.2.4-27.i386.rpm
8c33fbd6a3a0e40c22e8892a624bd398 7.2/en/os/i686/glibc-2.2.4-27.i686.rpm
c5a61c4a96e0c89cb94c5755b9d640df 7.2/en/os/ia64/glibc-2.2.4-27.ia64.rpm
2753a1d09ef0294dd611283a6dc01279 7.2/en/os/ia64/glibc-common-2.2.4-27.ia64.rpm
175abe8553824db00c84fd7ba23150d6 7.2/en/os/ia64/glibc-devel-2.2.4-27.ia64.rpm
f3774fb87287ad7cd9e083d062cda348 7.2/en/os/ia64/glibc-profile-2.2.4-27.ia64.rpm
7e7c12abfea5507a0a5cc8744072c747 7.2/en/os/ia64/nscd-2.2.4-27.ia64.rpm
9c2d0f4717f4931ff3d233ef44cfa5b1 7.3/en/os/SRPMS/glibc-2.2.5-37.src.rpm
b3e14c27d1f337107662cffe8111ffb4 7.3/en/os/i386/glibc-2.2.5-37.i386.rpm
318a0e614f31b4ea63ea122ffc9b0abc 7.3/en/os/i386/glibc-common-2.2.5-37.i386.rpm
c11c152ffb7b98e3ada86ef89b21060b 7.3/en/os/i386/glibc-debug-2.2.5-37.i386.rpm
8f7403eb789e624a91a5728c752ffb7e 7.3/en/os/i386/glibc-debug-static-2.2.5-37.i386.rpm
1364e6e500af53789f94a845d7201745 7.3/en/os/i386/glibc-devel-2.2.5-37.i386.rpm
977f0364e31ef240375d5dc3abce27c9 7.3/en/os/i386/glibc-profile-2.2.5-37.i386.rpm
702c9e2f376d9d10829961b29d1e3fd3 7.3/en/os/i386/glibc-utils-2.2.5-37.i386.rpm
aa3e2f88f60ca8e8566d45a8e8bf6218 7.3/en/os/i386/nscd-2.2.5-37.i386.rpm
854b21baba0b4b32963bc322fe59ffc2 7.3/en/os/i686/glibc-2.2.5-37.i686.rpm
0d488fae1d4248bbd1727c402143d5f6 7.3/en/os/i686/glibc-debug-2.2.5-37.i686.rpm
 

These packages are GPG signed by Red Hat, Inc. for security.  Our key
is available at:
     http://www.Red Hat.com/about/contact/pgpkey.html

You can verify each package with the following command:
    rpm --checksig  

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
    rpm --checksig --nogpg 

8. References:
 
http://www.cert.org/advisories/CA-2002-19.html 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0684 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0651



Copyright(c) 2000, 2001, 2002 Red Hat, Inc.



_______________________________________________
Red Hat-watch-list mailing list
To unsubscribe, visit: https://listman.Red Hat.com/mailman/listinfo/Red Hat-watch-list


 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Disaster as CryptoWall encrypts US firm's entire server installation
Now Everyone Wants to Sell You a Magical Anonymity Router. Choose Wisely
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.