Fix for Posadis 0.60.x/Poslib 1.0.x for Windows security bug      [14-10-2003]
============================================================

NOTE: This is a re-write of the original document.

Products affected
-----------------

This advisory applies to Posadis 0.60.1 and earlier for Windows, and Poslib
1.0.1 and earlier for Windows.

Description
-----------

Poslib for Windows is built with IPv6 sockets, but the structure that holds
IPv6 addresses is too small. This means Posadis might crash when it receives
an IPv6 address as a nameserver for a domain name it is looking up. This
causes a buffer overflow.

This bug is not very likely to be remotely exploitable.

Fixes
-----

Fixed Posadis and Poslib exes for Windows can be downloaded from

  http://www.posadis.org/download.php

More information
----------------

If you have any information to contribute to this bug advisory, you can post
your experiences in the SourceForge bug report

 https://sourceforge.net/tracker/
  ?func=detail&atid=380732&aid=806189&group_id=24199

Alternatively, you can send an e-mail to me:

  meilof@users.sourceforge.net