Vulnerability in DNS Resolver Library: Limited Urchin 4 Exposure

Overview

On June 28, the CERT Coordination Center released advisory CA-2002-19 concerning a security hole in certain DNS resolver library implementations. The complete details on this advisory can be viewed at:

The advisory states that a program compiled with an affected resolver library could, when making queries to a DNS server, be vulnerable to malicious data sent by an attacker who has gained control of that DNS server. It is recommended that programs statically linked against a vulnerable resolver library be recompiled using an upgraded, patched library.

Impact on Urchin Customers

Although Urchin is statically linked against the resolver library, it does not use resolver library routines for the general DNS lookups performed during log processing. Urchin makes direct socket connections to the DNS server, which bypasses the resolver entirely. The only resolver routines Urchin uses are single calls to the gethostbyname() and gethostent() library routines to verify the name of the system it is running on. These lookups should always be resolved locally on the machine rather than by an external DNS server.

In summary, even Urchin binaries that are statically linked against vulnerable resolver libraries should not be exposed to any security threat.