1st Nov 2000 [SBWID-150]
COMMAND
	    libc
SYSTEMS AFFECTED
	    FreeBSD 4.x (all releases prior to 4.2), 4.1.1-STABLE prior to 2000/09/25
PROBLEM
	    The following is based on FreeBSD Security Advisory
	    FreeBSD-SA-00:63; the problem was originally found by Pavel
	    Kankovsky. The getnameinfo() function is part of the
	    protocol-independent resolver library from the KAME project.
	    An  off-by-one  error  exists  in  the processing of DNS hostnames
	    which  allows  a  long  DNS  hostname  to  crash the getnameinfo()
	    function when an address  resolution of the hostname  is performed
	    (e.g. in response to a connection to a service which makes use  of
	    getnameinfo()).
	    Under the following conditions, this  bug can be used as  a denial
	    of service attack against vulnerable services:
	
	        * The attacker must control their DNS server.
	        * The service must be run as a persistent daemon (i.e. running
	          "standalone",  not  spawned  as-needed  from  a   supervisor
	          process such as inetd)
	        * The daemon must perform the getnameinfo() call on the remote
	          hostname  prior  to  forking  a  child process to handle the
	          connection (otherwise  it is  just the  child process  which
	          dies, and the parent remains running).
	        * The daemon  is not automatically  restarted by a  "watchdog"
	          process.
	
	    All released versions of FreeBSD 4.x prior to the correction  date
	    including 4.0, 4.1, and 4.1.1 are vulnerable to this problem,  but
	    it was fixed  in the 4.1.1-STABLE  branch prior to  the release of
	    FreeBSD 4.2-RELEASE.  The  FreeBSD 3.x branch is  unaffected since
	    it does not include the KAME code.
	    Note that this bug is not believed to pose a vulnerability for
	    any servers included in the FreeBSD base system. It is only a
	    potential problem for certain third party servers fulfilling the
	    above conditions (none of which are currently known). Therefore
	    the impact on the vast majority of FreeBSD systems is expected
	    to be nonexistent.
	    Remote users may be  able to cause a  very small class of  network
	    servers  to  terminate  abnormally,  causing  a  denial of service
	    condition.
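	    The boundary case behind this off-by-one, as an added example
	    (not code from the advisory or from FreeBSD): the pre-fix test
	    strlen(name) > buflen accepts a name exactly buflen characters
	    long, and the copy then writes its terminating NUL one byte past
	    the buffer. The helper names, the sample hostname and the
	    oversized guard buffer are assumptions made for the demonstration.

```c
#include <stdio.h>
#include <string.h>

#define CANARY 0x5A   /* guard value; hypothetical, chosen for the demo */

/* Length test before the fix: rejects only strlen > buflen. */
static int old_check_ok(const char *name, size_t buflen)
{
    return !(strlen(name) > buflen);
}

/* Length test after the fix: also counts the terminating NUL. */
static int fixed_check_ok(const char *name, size_t buflen)
{
    return !(strlen(name) + 1 > buflen);
}

/*
 * Copy name into a buffer of logical size buflen under the chosen check.
 * Returns 1 if a byte was written at index buflen (one past the end),
 * 0 if the copy stayed in bounds, -1 if the check refused the copy
 * (the ENI_MEMORY path). The backing array is larger than buflen, so the
 * stray byte lands in guard space owned by this function.
 */
static int bytes_past_end(const char *name, size_t buflen, int use_fixed)
{
    char backing[64];

    if (buflen + 1 > sizeof(backing) || strlen(name) + 1 > sizeof(backing))
        return -1;                      /* keep the demo itself in bounds */
    memset(backing, CANARY, sizeof(backing));
    if (!(use_fixed ? fixed_check_ok(name, buflen) : old_check_ok(name, buflen)))
        return -1;
    strcpy(backing, name);              /* unbounded copy, as in the patch context */
    return backing[buflen] != CANARY;   /* was the NUL written at index buflen? */
}

int main(void)
{
    const char *name = "host.example";  /* constructed sample, 12 characters */
    size_t buflen;

    for (buflen = 11; buflen <= 13; buflen++)
        printf("buflen=%zu old=%d fixed=%d\n", buflen,
               bytes_past_end(name, buflen, 0),
               bytes_past_end(name, buflen, 1));
    return 0;
}
```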
SOLUTION
	    1) Upgrade  your  vulnerable  FreeBSD  4.x system to  4.1.1-STABLE
	       after the correction date.
	    2) Apply the patch below and recompile the relevant files:
	       Either save this advisory to a file, or download the patch  and
	       detached PGP signature from the following locations, and verify
	       the signature using your PGP utility.
	       ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:63/getnameinfo.patch
	       ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:63/getnameinfo.patch.asc
	       Execute the following commands as root:
	       # cd /usr/src/lib/libc
	       # patch -p < /path/to/patch_or_advisory
	       # make depend && make all install
	    Patch for vulnerable systems:
	
	    --- net/getnameinfo.c	2000/07/05 05:09:17	1.5
	    +++ net/getnameinfo.c	2000/09/25 23:04:36	1.6
	    @@ -154,12 +153,12 @@
	 				    (flags & NI_DGRAM) ? "udp" : "tcp");
	 		    }
	 		    if (sp) {
	    -			if (strlen(sp->s_name) > servlen)
	    +			if (strlen(sp->s_name) + 1 > servlen)
	 				    return ENI_MEMORY;
	 			    strcpy(serv, sp->s_name);
	 		    } else {
	 			    snprintf(numserv, sizeof(numserv), "%d", ntohs(port));
	    -			if (strlen(numserv) > servlen)
	    +			if (strlen(numserv) + 1 > servlen)
	 				    return ENI_MEMORY;
	 			    strcpy(serv, numserv);
	 		    }
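	    Review bot: In both branches of this hunk the corrected test
	    (strlen(...) + 1 > servlen) is still a separate statement from the
	    unbounded strcpy(serv, ...) that follows it, so the copy is only as
	    safe as the arithmetic on the line above. Consider folding test and
	    copy into one bounded call, for example
	    `if (strlcpy(serv, sp->s_name, servlen) >= servlen) return ENI_MEMORY;`
	    and the same for numserv, so the terminating NUL cannot be left
	    out of the count again.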
	    @@ -253,7 +252,7 @@
	 					    *p = '\0';
	 			    }
	     #endif
	    -			if (strlen(hp->h_name) > hostlen) {
	    +			if (strlen(hp->h_name) + 1 > hostlen) {
	 				    freehostent(hp);
	 				    return ENI_MEMORY;
	 			    }
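	    Review bot: The copy that the hostlen test on hp->h_name guards is
	    outside the visible context of this hunk, so confirm that the
	    statement following the check writes at most strlen(hp->h_name) + 1
	    bytes into the host buffer and that no other path in the function
	    still copies a name under the old `> hostlen` comparison. A short
	    comment at the check saying that the + 1 accounts for the
	    terminating NUL would help keep this site consistent with the two
	    servlen checks.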
	
	
