CVE-2008-0122
Published: 16 January 2008
Off-by-one error in the inet_network function in libbind in ISC BIND 9.4.2 and earlier, as used in libc in FreeBSD 6.2 through 7.0-PRERELEASE, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted input that triggers memory corruption.
Notes
| Author | Note |
|---|---|
| jdstrand | from RH bug: This problem allows an attacker to write 1 unsigned long int value (4 or 8 bytes, depending on the platform used) beyond the end of the buffer. This overwrite is too short to modify function return address, so this problem does not seem to be easily exploitable or verifiable using reproducer. nothing linked against libbind9 in any Ubuntu releases, except for bind9 packages, and upstream says that none of the applications shipped with BIND 9 call inet_network() |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
bind9 Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
| edgy |
Ignored
(end of life, was needed)
|
|
| feisty |
Ignored
(end of life, was needed)
|
|
| gutsy |
Ignored
(end of life, was needed)
|
|
| hardy |
Released
(1:9.4.2-8)
|
|
| intrepid |
Released
(1:9.4.2-8)
|
|
| jaunty |
Released
(1:9.4.2-8)
|
|
| karmic |
Released
(1:9.4.2-8)
|
|
| lucid |
Released
(1:9.4.2-8)
|
|
| maverick |
Released
(1:9.4.2-8)
|
|
| natty |
Released
(1:9.4.2-8)
|
|
| upstream |
Released
(1:9.4.2-8)
|