Vulnerability Note VU#203611

inet_network() off-by-one buffer overflow

Original Release date: 25 Jan 2008 | Last revised: 28 Apr 2008

Overview

The inet_network() resolver function contains an off-by-one buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.

Description

The inet_network() function takes a character string representation for an internet address and returns the internet network number in integer form. inet_network() is implemented by various libbind, libc, and GNU libc versions. Applications that link against a vulnerable version of inet_network() may be vulnerable to a one-byte overflow.

Impact

A remote, unauthenticated attacker may be able to execute arbitrary code or cause a denial of service on a vulnerable system.

Solution

Apply an update

    FreeBSD libc - Apply the patch in FreeBSD Security Advisory FreeBSD-SA-08:02.libc
    GNU libc - This issue was resolved on February 11, 2000 in the main (diff) and glibc 2.1 (diff) branches
    libbind - This issue will be resolved in libbind 9.3.5, 9.4.3, 2.5.0b2, or later. A patch is also available in the ISC Advisory

Systems Affected (Learn More)

VendorStatusDate NotifiedDate Updated
FreeBSD, Inc.Affected17 Jan 200825 Jan 2008
GNU glibcAffected17 Jan 200825 Jan 2008
OpenBSDAffected17 Jan 200821 Jan 2008
Apple Computer, Inc.Not Affected17 Jan 200825 Jan 2008
BlueCat Networks, Inc.Not Affected17 Jan 200828 Apr 2008
Hewlett-Packard CompanyNot Affected17 Jan 200831 Jan 2008
InfobloxNot Affected17 Jan 200831 Jan 2008
Ingrian Networks, Inc.Not Affected17 Jan 200829 Jan 2008
Mandriva, Inc.Not Affected17 Jan 200821 Jan 2008
Microsoft CorporationNot Affected17 Jan 200818 Jan 2008
CentOSUnknown17 Jan 200817 Jan 2008
Check Point Software TechnologiesUnknown17 Jan 200817 Jan 2008
Conectiva Inc.Unknown17 Jan 200817 Jan 2008
Cray Inc.Unknown17 Jan 200817 Jan 2008
Debian GNU/LinuxUnknown17 Jan 200821 Jan 2008
If you are a vendor and your product is affected, let us know.View More »

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A

References

Credit

Thanks to Mark Andrews of ISC for reporting this vulnerability.

This document was written by Will Dormann.

Other Information

  • CVE IDs: CVE-2008-0122
  • Date Public: 10 Dec 2007
  • Date First Published: 25 Jan 2008
  • Date Last Updated: 28 Apr 2008
  • Severity Metric: 0.76
  • Document Revision: 13

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.