Vulnerability Note VU#203611

inet_network() off-by-one buffer overflow

Overview

The inet_network() resolver function contains an off-by-one buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.

I. Description

The inet_network() function takes a character string representation for an internet address and returns the internet network number in integer form. inet_network() is implemented by various libbind, libc, and GNU libc versions. Applications that link against a vulnerable version of inet_network() may be vulnerable to a one-byte overflow.

II. Impact

A remote, unauthenticated attacker may be able to execute arbitrary code or cause a denial of service on a vulnerable system.

III. Solution

Apply an update

FreeBSD libc - Apply the patch in FreeBSD Security Advisory FreeBSD-SA-08:02.libc
GNU libc - This issue was resolved on February 11, 2000 in the main (diff) and glibc 2.1 (diff) branches
libbind - This issue will be resolved in libbind 9.3.5, 9.4.3, 2.5.0b2, or later. A patch is also available in the ISC Advisory

Systems Affected

Vendor	Status	Date Notified
Apple Computer, Inc.	Not Vulnerable	25-Jan-2008
BlueCat Networks, Inc.	Not Vulnerable	28-Apr-2008
CentOS	Unknown	17-Jan-2008
Check Point Software Technologies	Unknown	17-Jan-2008
Conectiva Inc.	Unknown	17-Jan-2008
Cray Inc.	Unknown	17-Jan-2008
Debian GNU/Linux	Unknown	21-Jan-2008
EMC Corporation	Unknown	17-Jan-2008
Engarde Secure Linux	Unknown	17-Jan-2008
F5 Networks, Inc.	Unknown	17-Jan-2008
Fedora Project	Unknown	17-Jan-2008
FreeBSD, Inc.	Vulnerable	25-Jan-2008
Fujitsu	Unknown	17-Jan-2008
Gentoo Linux	Unknown	17-Jan-2008
Gnu ADNS	Unknown	17-Jan-2008
GNU glibc	Vulnerable	25-Jan-2008
Hewlett-Packard Company	Not Vulnerable	31-Jan-2008
Hitachi	Unknown	17-Jan-2008
IBM Corporation	Unknown	17-Jan-2008
IBM Corporation (zseries)	Unknown	17-Jan-2008
IBM eServer	Unknown	17-Jan-2008
Infoblox	Not Vulnerable	31-Jan-2008
Ingrian Networks, Inc.	Not Vulnerable	29-Jan-2008
Internet Software Consortium	Unknown	10-Dec-2007
Juniper Networks, Inc.	Unknown	17-Jan-2008
Lucent Technologies	Unknown	17-Jan-2008
Mandriva, Inc.	Not Vulnerable	21-Jan-2008
Men & Mice	Unknown	17-Jan-2008
Metasolv Software, Inc.	Unknown	17-Jan-2008
Microsoft Corporation	Not Vulnerable	18-Jan-2008
MontaVista Software, Inc.	Unknown	17-Jan-2008
NEC Corporation	Unknown	17-Jan-2008
NetBSD	Unknown	17-Jan-2008
Nortel Networks, Inc.	Unknown	17-Jan-2008
Novell, Inc.	Unknown	17-Jan-2008
OpenBSD	Vulnerable	21-Jan-2008
Openwall GNU/*/Linux	Unknown	17-Jan-2008
QNX, Software Systems, Inc.	Unknown	17-Jan-2008
Red Hat, Inc.	Unknown	17-Jan-2008
Shadowsupport	Unknown	17-Jan-2008
Silicon Graphics, Inc.	Unknown	17-Jan-2008
Slackware Linux Inc.	Unknown	17-Jan-2008
Sony Corporation	Unknown	17-Jan-2008
Sun Microsystems, Inc.	Unknown	17-Jan-2008
SUSE Linux	Unknown	17-Jan-2008
The SCO Group	Unknown	17-Jan-2008
Trustix Secure Linux	Unknown	17-Jan-2008
Turbolinux	Unknown	17-Jan-2008
Ubuntu	Unknown	17-Jan-2008
Unisys	Unknown	17-Jan-2008
Wind River Systems, Inc.	Unknown	17-Jan-2008

References

http://security.freebsd.org/advisories/FreeBSD-SA-08:02.libc.asc
http://sourceware.org/cgi-bin/cvsweb.cgi/libc/inet/inet_net.c.diff?r1=1.6.2.1&r2=1.6.2.2&cvsroot=glibc&f=h
http://sourceware.org/cgi-bin/cvsweb.cgi/libc/inet/inet_net.c.diff?r1=1.8&r2=1.9&cvsroot=glibc&f=h
http://www.securityfocus.com/bid/27283
http://securitytracker.com/alerts/2008/Jan/1019189.html
http://secunia.com/advisories/28367
http://xforce.iss.net/xforce/xfdb/39670

Credit

Thanks to Mark Andrews of ISC for reporting this vulnerability.

This document was written by Will Dormann.

Other Information

Date Public:	2007-12-10
Date First Published:	2008-01-25
Date Last Updated:	2008-04-28
CERT Advisory:
CVE-ID(s):	CVE-2008-0122
NVD-ID(s):	CVE-2008-0122
US-CERT Technical Alerts:
Metric:	0.76
Document Revision:	13

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Produced 2008 by US-CERT, a government organization
Disclaimers and copyright information

Get Adobe Reader