LinuxSecurity.com
Mandrake: glibc buffer overflow
Posted by LinuxSecurity.com Team   
A buffer overflow vulnerability was found in the way that the glibc resolver handles the resolution of network names and addresses via DNS in glibc versions 2.2.5 and earlier.

________________________________________________________________________

                Mandrake Linux Security Update Advisory
________________________________________________________________________

Package name:           glibc
Advisory ID:            MDKSA-2002:050
Date:                   August 13th, 2002
Affected versions:      7.1, 7.2, 8.0, 8.1, 8.2, Corporate Server 1.0.1,
                        Single Network Firewall 7.2
________________________________________________________________________

Problem Description:

 A buffer overflow vulnerability was found in the way that the glibc
 resolver handles the resolution of network names and addresses via DNS
 in glibc versions 2.2.5 and earlier.  Only systems using the "dns"
 entry in the "networks" database in /etc/nsswitch.conf are vulnerable
 to this issue.  By default, Mandrake Linux has this database set to
 "files" and is not vulnerable.  Likewise, a similar bug is in the
 glibc-compat packages which provide compatibility for programs compiled
 against 2.0.x versions of glibc.
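
 The exposure condition described above can be checked per host. The shell function below is an added example, not part of the MandrakeSoft advisory: it classifies the "networks" database of an nsswitch.conf-style file as dns, no-dns or unset. The function name and the sample files are constructed for illustration; "unset" is reported separately on the assumption, taken from the glibc manual, that a missing "networks" entry falls back to a default of "dns [!UNAVAIL=return] files" and so deserves review rather than a pass.

```shell
#!/bin/sh
# Added example (not from the advisory): classify the "networks" database
# of an nsswitch.conf-style file as dns / no-dns / unset.
networks_source_status() {
    awk '
        { sub(/#.*/, "") }                        # drop comments
        /^[ \t]*networks[ \t]*:/ {
            seen = 1
            sub(/^[ \t]*networks[ \t]*:/, "")     # keep only the source list
            gsub(/\[[^]]*\]/, " ")                # drop [STATUS=action] items
            for (i = 1; i <= NF; i++)
                if ($i == "dns") dns = 1          # any line listing dns counts
        }
        END {
            if (!seen)    print "unset"           # glibc default applies
            else if (dns) print "dns"
            else          print "no-dns"
        }
    ' "${1:-/etc/nsswitch.conf}"
}

# Constructed sample configurations, written to a scratch directory.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf 'hosts: files dns\nnetworks: files\n' > "$demo_dir/default.conf"
printf 'networks:   files [NOTFOUND=return] dns  # lookups via DNS\n' > "$demo_dir/dns.conf"
printf '#networks: dns\nhosts: files dns\n' > "$demo_dir/unset.conf"

for f in default dns unset; do
    printf '%-8s -> %s\n' "$f" "$(networks_source_status "$demo_dir/$f.conf")"
done
```

 Called with no argument, networks_source_status reads /etc/nsswitch.conf on the host being audited.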
________________________________________________________________________

References:

   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0684
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0651
________________________________________________________________________

Updated Packages:

 Linux-Mandrake 7.1:
 d71ca3ca95d5acb9545857055a21d62b  7.1/RPMS/glibc-2.1.3-20.1mdk.i586.rpm
 e3f9d37a33e5985607e52724918669e7  7.1/RPMS/glibc-devel-2.1.3-20.1mdk.i586.rpm
 ed162a965c668c892b085c21df0f207a  7.1/RPMS/glibc-profile-2.1.3-20.1mdk.i586.rpm
 7e1401d6e9317b168d49df8a3dcf7848  7.1/RPMS/nscd-2.1.3-20.1mdk.i586.rpm
 034cc6d169c15aa173145242e6751898  7.1/SRPMS/glibc-2.1.3-20.1mdk.src.rpm

 Linux-Mandrake 7.2:
 afa1c7e073ed165e88c83bc6dcf60d58  7.2/RPMS/glibc-2.1.3-20.2mdk.i586.rpm
 74e851ab549bd4bb8e016304ad8abba0  7.2/RPMS/glibc-devel-2.1.3-20.2mdk.i586.rpm
 45643ce4610a8531d7df055aad6b5d4a  7.2/RPMS/glibc-profile-2.1.3-20.2mdk.i586.rpm
 4aaab93eb207273119faaf41728e4faa  7.2/RPMS/nscd-2.1.3-20.2mdk.i586.rpm
 26971074ae08c2bc32598a4f8f911739  7.2/SRPMS/glibc-2.1.3-20.2mdk.src.rpm

 Mandrake Linux 8.0:
 963961893a997afbb30fa23d709084d1  8.0/RPMS/glibc-2.2.2-7.1mdk.i586.rpm
 116dcc866c4074540b779c99a98eecd4  8.0/RPMS/glibc-devel-2.2.2-7.1mdk.i586.rpm
 adbf244d2500be2c42376aef8aa28d5e  8.0/RPMS/glibc-profile-2.2.2-7.1mdk.i586.rpm
 7b1cc06ebf558ba5983a357096fc909f  8.0/RPMS/ldconfig-2.2.2-7.1mdk.i586.rpm
 c6907586e0a77ab9d95aa7bc9e44adda  8.0/RPMS/nscd-2.2.2-7.1mdk.i586.rpm
 ae136bd3438fcbbea408c7d76fe69d0e  8.0/SRPMS/glibc-2.2.2-7.1mdk.src.rpm

 Mandrake Linux 8.0/ppc:
 86c28278a1595a420237fa72855a2a0c  ppc/8.0/RPMS/glibc-2.2.2-7.5mdk.ppc.rpm
 88b2f5cd9a68f2dc6e36df15fdc3c347  ppc/8.0/RPMS/glibc-devel-2.2.2-7.5mdk.ppc.rpm
 893b4025ef2a59211c63cd3365443f0d  ppc/8.0/RPMS/glibc-profile-2.2.2-7.5mdk.ppc.rpm
 0951888cc549f15e46f4fc9a636aec62  ppc/8.0/RPMS/ldconfig-2.2.2-7.5mdk.ppc.rpm
 8e46287199cd32a3817ca2785f47e6b8  ppc/8.0/RPMS/nscd-2.2.2-7.5mdk.ppc.rpm
 dcc9401b92874ba4c7f5452a4cf78f78  ppc/8.0/SRPMS/glibc-2.2.2-7.5mdk.src.rpm

 Mandrake Linux 8.1:
 2c08b5496cd485882c3d15606155cbc5  8.1/RPMS/glibc-2.2.4-10.1mdk.i586.rpm
 d038ba89e449f54019edd366eedc595f  8.1/RPMS/glibc-devel-2.2.4-10.1mdk.i586.rpm
 7de7d0da3c2960117d8b43b5c98889df  8.1/RPMS/glibc-profile-2.2.4-10.1mdk.i586.rpm
 bca581b1bc1395fc7a057b8fa15c185d  8.1/RPMS/ldconfig-2.2.4-10.1mdk.i586.rpm
 687fe799aa0794d8bd5b5b58378dae79  8.1/RPMS/nscd-2.2.4-10.1mdk.i586.rpm
 41f84522dbe74c714fa7994e4b86bfbd  8.1/SRPMS/glibc-2.2.4-10.1mdk.src.rpm

 Mandrake Linux 8.1/ia64:
 e3a04b63509878d6554713e626c47c72  ia64/8.1/RPMS/glibc-2.2.4-10.1mdk.ia64.rpm
 a49c16502bae820e13654bd719c48558  ia64/8.1/RPMS/glibc-devel-2.2.4-10.1mdk.ia64.rpm
 244ef3f6ba9280b43a0ba6c5c1950c24  ia64/8.1/RPMS/glibc-profile-2.2.4-10.1mdk.ia64.rpm
 3607a80d5e14ea998243a7411a8c30f0  ia64/8.1/RPMS/ldconfig-2.2.4-10.1mdk.ia64.rpm
 04c541d7d8caf75ab703c535c3adfe65  ia64/8.1/RPMS/nscd-2.2.4-10.1mdk.ia64.rpm
 41f84522dbe74c714fa7994e4b86bfbd  ia64/8.1/SRPMS/glibc-2.2.4-10.1mdk.src.rpm

 Mandrake Linux 8.2:
 b5701348d958ce086a4393b37efcf44d  8.2/RPMS/glibc-2.2.4-25.1mdk.i586.rpm
 1a5cb730eb3cb0a2cc2c55b1c1ee4af6  8.2/RPMS/glibc-devel-2.2.4-25.1mdk.i586.rpm
 914b661041d2e08aa75cc28269c036b3  8.2/RPMS/glibc-profile-2.2.4-25.1mdk.i586.rpm
 2bafee005d7651dc732fb79c863083fd  8.2/RPMS/ldconfig-2.2.4-25.1mdk.i586.rpm
 65b18b2a9f60fe86968c5e61b11ad289  8.2/RPMS/nscd-2.2.4-25.1mdk.i586.rpm
 1c1f01f38a342abc367d2a855de780a8  8.2/SRPMS/glibc-2.2.4-25.1mdk.src.rpm

 Mandrake Linux 8.2/ppc:
 be1ce4bb8dc073e2c8bbb29b86401c0e  ppc/8.2/RPMS/glibc-2.2.4-25.1mdk.ppc.rpm
 1a7cccfefede56d38a32c57192c5d9e1  ppc/8.2/RPMS/glibc-devel-2.2.4-25.1mdk.ppc.rpm
 c009acdeecbdf9eac3e2b8849198216f  ppc/8.2/RPMS/glibc-profile-2.2.4-25.1mdk.ppc.rpm
 7608ef9f00e5708dcfc39444a530e292  ppc/8.2/RPMS/ldconfig-2.2.4-25.1mdk.ppc.rpm
 7b12a32bbef4cfd22b36385e0d319921  ppc/8.2/RPMS/nscd-2.2.4-25.1mdk.ppc.rpm
 1c1f01f38a342abc367d2a855de780a8  ppc/8.2/SRPMS/glibc-2.2.4-25.1mdk.src.rpm

 Corporate Server 1.0.1:
 d71ca3ca95d5acb9545857055a21d62b  1.0.1/RPMS/glibc-2.1.3-20.1mdk.i586.rpm
 e3f9d37a33e5985607e52724918669e7  1.0.1/RPMS/glibc-devel-2.1.3-20.1mdk.i586.rpm
 ed162a965c668c892b085c21df0f207a  1.0.1/RPMS/glibc-profile-2.1.3-20.1mdk.i586.rpm
 7e1401d6e9317b168d49df8a3dcf7848  1.0.1/RPMS/nscd-2.1.3-20.1mdk.i586.rpm
 034cc6d169c15aa173145242e6751898  1.0.1/SRPMS/glibc-2.1.3-20.1mdk.src.rpm

 Single Network Firewall 7.2:
 afa1c7e073ed165e88c83bc6dcf60d58  snf7.2/RPMS/glibc-2.1.3-20.2mdk.i586.rpm
 74e851ab549bd4bb8e016304ad8abba0  snf7.2/RPMS/glibc-devel-2.1.3-20.2mdk.i586.rpm
 45643ce4610a8531d7df055aad6b5d4a  snf7.2/RPMS/glibc-profile-2.1.3-20.2mdk.i586.rpm
 4aaab93eb207273119faaf41728e4faa  snf7.2/RPMS/nscd-2.1.3-20.2mdk.i586.rpm
 26971074ae08c2bc32598a4f8f911739  snf7.2/SRPMS/glibc-2.1.3-20.2mdk.src.rpm
________________________________________________________________________

Bug IDs fixed (see https://qa.mandrakesoft.com for more information):

________________________________________________________________________

To upgrade automatically, use MandrakeUpdate.  The verification of md5
checksums and GPG signatures is performed automatically for you.
If you want to upgrade manually, download the updated package from one 
of our FTP server mirrors and upgrade with "rpm -Fvh *.rpm".  A list of
FTP mirrors can be obtained from:

   http://www.mandrakesecure.net/en/ftp.php

Please verify the update prior to upgrading to ensure the integrity of
the downloaded package.  You can do this with the command:

  rpm --checksig 

All packages are signed by MandrakeSoft for security.  You can obtain
the GPG public key of the Mandrake Linux Security Team from:

  https://www.mandrakesecure.net/RPM-GPG-KEYS

Please be aware that sometimes it takes the mirrors a few hours to 
update.

You can view other update advisories for Mandrake Linux at:

   http://www.mandrakesecure.net/en/advisories/

MandrakeSoft has several security-related mailing list services that
anyone can subscribe to.  Information on these lists can be obtained by
visiting:

   http://www.mandrakesecure.net/en/mlist.php

If you want to report vulnerabilities, please contact

  security@linux-mandrake.com
________________________________________________________________________

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security@linux-mandrake.com>







 