Vulnerability in DNS Resolver Library: Limited Urchin 4 Exposure
On June 28, the CERT Coordination Center released advisory CA-2002-19 concerning a security hole in certain DNS resolver library implementations. The complete details on this advisory can be viewed at:
Impact on Urchin Customers
Although Urchin is statically linked using the resolver library, it does not use resolver library routines to do general DNS lookups as part of its log processing. Urchin makes direct socket connections to the DNS server, which circumvents the resolver. The only resolver routines Urchin uses are a single calls to the gethostbyname() and gethostent() library routines to verify the name of the system it is running on. These calls should always be handled locally by the machine and not externally.
In summary, even Urchin binaries that are statically linked against vulnerable resolver libraries should not be exposed to any security threat.