From: Holger.VanKoll@SWISSCOM.COM
Date: Fri Jul 12 2002 - 06:11:08 EDT
you could check with genfilt or tcpdump if you have any dns-traffic
you should not... but if you want to be sure check it
> -----Original Message-----
> From: Adams Kevin J [mailto:kevin.adams@PHS.COM]
> Sent: Mittwoch, 10. Juli 2002 23:57
> To: aix-l@Princeton.EDU
> Subject: CERT Advisory CA-2002-19 Buffer Overflow in Multiple DNS
> Resolver Libraries
>
>
> The above CERT Advisory just came out and deals with a DNS
> resolver library
> security exposure.
>
> I have no /etc/resolv.conf and do not set NSORDER and my /netsvc.conf
> specifies "hosts=local", so I don't go after a real DNS, but
> am I using the
> DNS libraries none the less when I go after /etc/hosts? i.e.,
> gethostbyaddr
> and gethostname.
>
> In other words, am I still vulnerable even if I only use a
> hosts file? I
> would think not, but just making sure.
>
> The text of the advisory is available at http://www.cert.org/.
>
> I just re-read the cert and it mentions an attacker who send
> malicious DNS
> responses, so it appears you need to be using a real DNS.
>
> I hadn't seen any traffic on this, so there you go.
>
> Thanks,
> Kevin Adams
>
>
>
> This electronic message transmission, including any
> attachments, contains information from PacifiCare Health
> Systems Inc. which may be confidential or privileged. The
> information is intended to be for the use of the individual
> or entity named above. If you are not the intended recipient,
> be aware that any disclosure, copying, distribution or use of
> the contents of this information is prohibited.
>
> If you have received this electronic transmission in error,
> please notify the sender immediately by a "reply to sender
> only" message and destroy all electronic and hard copies of
> the communication, including attachments.
>
This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 22:16:03 EDT