PT-2002-1050 · Gnu+2 · Glibc+2

Published: 2002-07-03 · Updated: 2016-10-18 · CVE-2002-0684

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

glibc versions 2.0 through 2.2.5
ISC BIND versions 4.9 through 9.2.1

Description

The issue concerns buffer overflows in DNS resolver functions, including getnetbyname() and getnetbyaddr(), which handle network name and address lookups. A remote attacker in control of a DNS server could overflow a buffer and cause the system to crash or execute arbitrary code on the system with the same privileges as the process that calls the DNS resolver function.

Recommendations

For glibc versions 2.0 through 2.2.5, update to a version that is not affected by this issue. For ISC BIND versions 4.9 through 9.2.1, update to a version that is not affected by this issue. As a temporary workaround, consider restricting access to the DNS resolver functions until a patch is available. Avoid using the getnetbyname() and getnetbyaddr() functions in the affected API endpoints until the issue is resolved.


Related identifiers

BDU:2015-07993
BDU:2015-07994
BDU:2015-07997
BDU:2015-08004
BDU:2015-08005
BDU:2015-08008
BDU:2015-08009
CVE-2002-0684

Affected products

Bind Server
Isc Bind
Glibc