CVE-2002-0651

Name of the Vulnerable Software and Affected Versions glibc versions 2.0 through 2.2.5 glibc versions 2.1.1 through 2.1.3 glibc version 2.1.9 and earlier

Description The issue concerns multiple buffer overflows in the DNS resolver code used in glibc, which can be exploited remotely to cause a denial of service or possibly execute arbitrary code. This can lead to a violation of confidentiality, integrity, and availability of protected information. The getnetbyname() and getnetbyaddr() functions are specifically vulnerable, handling network name and address lookups. A remote attacker in control of a DNS server could overflow a buffer by sending a malformed DNS response to a vulnerable server, causing the system to crash or execute arbitrary code with the same privileges as the process that calls the DNS resolver function.

Recommendations For glibc versions 2.0 through 2.2.5, update to a version outside of this range to mitigate the risk. For glibc versions 2.1.1 through 2.1.3, consider disabling the getnetbyname() and getnetbyaddr() functions as a temporary workaround until a patch is available. For glibc version 2.1.9 and earlier, restrict access to the DNS resolver to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.