Users login

Create an account »


Users login

Home » Hacking News » CSSA-2002-SCO.37-buffer overflow in DNS resolver

CSSA-2002-SCO.37-buffer overflow in DNS resolver

by Nikola Strahija on August 25th, 2002 From CERT CA-2002-19: A buffer overflow vulnerability exists in multiple implementations of DNS resolver libraries. Operating systems and applications that utilize vulnerable DNS resolver libraries may be affected. A remote attacker who is able to send malicious DNS responses could potentially exploit this vulnerability to execute arbitrary code or cause a denial of service on a vulnerable system.

2. Vulnerable Supported Versions

System Binaries
UnixWare 7.1.1 /usr/lib/

3. Solution

The proper solution is to install the latest packages.

4. UnixWare 7.1.1

4.1 Location of Fixed Binaries

4.2 Verification

MD5 (erg501624.pkg.Z) = cb425affbc7740e3338dfd55409ba0f0

md5 is available for download from

4.3 Installing Fixed Binaries

Upgrade the affected binaries with the following commands:

Download erg501624.pkg.Z to the /var/spool/pkg directory

# uncompress /var/spool/pkg/erg501624.pkg.Z
# pkgadd -d /var/spool/pkg/erg501624.pkg

5. References

Specific references for this advisory:

Caldera security resources:

This security fix closes Caldera incidents sr866551, fz521493,

6. Disclaimer

Caldera International, Inc. is not responsible for the
misuse of any of the information we provide on this website
and/or through our security advisories. Our advisories are
a service to our customers intended to promote secure
installation and use of Caldera products.

7. Acknowledgements

Caldera thanks Joost Pol of PINE-CERT and the FreeBSD Project
for their analysis of these vulnerabilities.


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.


Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »