The inet_network() resolver function contains an off-by-one buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
The inet_network() function takes a string representation of an Internet address (dotted numeric notation, with each component written in decimal, octal or hexadecimal) and returns the Internet network number as an integer. inet_network() is implemented in various versions of libbind, BSD libc, and GNU libc. Applications that link against a vulnerable implementation and pass attacker-controlled strings to inet_network() inherit the off-by-one overflow.
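The following is an added illustration, not the vendor's source and not code from this note: a reconstruction of a BSD-style inet_network() parser with the bounds check in two placements, the original (assumed) one that guards only the dotted path, and a hardened one that guards every store. The names parse_component, net_parse, net_value and guard_clobbered are hypothetical. The real parser writes into a four-entry local array; here a fifth slot stands in for whatever lies past that array, so the out-of-bounds store is observable without relying on undefined behaviour.

```c
/* Reconstruction of a BSD-style inet_network() parser, written for this
 * note as an illustration. The vendor's actual source is not reproduced
 * here; the placement of the bounds check (an assumption) is what the
 * example contrasts: the original guards only the dotted path, the
 * hardened variant guards every store. */
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define NPARTS 4                       /* size of the real parts[] array */
#define NONE   ((uint32_t)0xffffffffU) /* stands in for INADDR_NONE */
#define GUARD  ((uint32_t)0xdeadbeefU)

/* slots[0..3] model the 4-entry stack array; slots[4] is a guard that
 * stands in for whatever lies past the real array's end. */
struct parts_buf {
    uint32_t slots[NPARTS + 1];
};

/* Parse one component: a "0" prefix selects octal, "0x" hex, else decimal.
 * Returns the position after the component; *ok is 0 if no digit was seen
 * or an octal component contained 8 or 9. */
static const char *parse_component(const char *cp, uint32_t *out, int *ok)
{
    uint32_t val = 0, base = 10;
    int digit = 0;

    if (*cp == '0') { digit = 1; base = 8; cp++; }
    if (*cp == 'x' || *cp == 'X') { base = 16; cp++; }
    for (;; cp++) {
        unsigned char c = (unsigned char)*cp;
        if (isdigit(c)) {
            if (base == 8 && (c == '8' || c == '9')) { *ok = 0; return cp; }
            val = val * base + (c - '0');
            digit = 1;
        } else if (base == 16 && isxdigit(c)) {
            val = (val << 4) + (c + 10 - (islower(c) ? 'a' : 'A'));
            digit = 1;
        } else {
            break;
        }
    }
    *out = val;
    *ok = digit;
    return cp;
}

/* fixed == 0: original check placement; fixed == 1: hardened placement. */
static uint32_t net_parse(const char *cp, struct parts_buf *b, int fixed)
{
    uint32_t *parts = b->slots, *pp = parts, val = 0;
    ptrdiff_t n, i;
    int ok;

    for (;;) {
        cp = parse_component(cp, &val, &ok);
        if (!ok)
            return NONE;
        /* Hardened: every store, dotted or final, is bounds-checked. */
        if (fixed && (pp >= parts + NPARTS || val > 0xff))
            return NONE;
        if (*cp != '.')
            break;
        /* Original: only the dotted path is checked ... */
        if (!fixed && (pp >= parts + NPARTS || val > 0xff))
            return NONE;
        *pp++ = val;
        cp++;
    }
    if (*cp != '\0' && !isspace((unsigned char)*cp))
        return NONE;
    /* ... so with four dots, pp == parts + 4 here and this store lands
     * one element past the array (slots[4], the guard in this model). */
    *pp++ = val;
    n = pp - parts;
    if (n > NPARTS)       /* too late: the store has already happened */
        return NONE;
    for (val = 0, i = 0; i < n; i++)
        val = (val << 8) | (parts[i] & 0xff);
    return val;
}

/* Parse s and return the network number (NONE on rejection). */
uint32_t net_value(const char *s, int fixed)
{
    struct parts_buf b = { { 0, 0, 0, 0, GUARD } };
    return net_parse(s, &b, fixed);
}

/* Parse s and report whether the slot past the array was overwritten. */
int guard_clobbered(const char *s, int fixed)
{
    struct parts_buf b = { { 0, 0, 0, 0, GUARD } };
    (void)net_parse(s, &b, fixed);
    return b.slots[NPARTS] != GUARD;
}

int main(void)
{
    /* constructed inputs: two valid, one with exactly five parts, one with six */
    const char *inputs[] = { "10.1.2", "0x7f.1", "1.2.3.4.5", "1.2.3.4.5.6" };
    for (size_t k = 0; k < sizeof inputs / sizeof inputs[0]; k++)
        printf("%-12s original: 0x%08x guard %-9s | hardened: 0x%08x guard %s\n",
               inputs[k],
               net_value(inputs[k], 0), guard_clobbered(inputs[k], 0) ? "CLOBBERED" : "intact",
               net_value(inputs[k], 1), guard_clobbered(inputs[k], 1) ? "CLOBBERED" : "intact");
    return 0;
}
```

The interesting input is the one with exactly five components: six components are rejected by the dotted-path check, but with four dots the pointer already sits at the end of the array when the final, unguarded store runs, and the trailing n > 4 test only rejects the result after the write has happened. Moving the same check ahead of every store closes that gap and, as a side effect, also applies the 0xff range check to the last component.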
A remote, unauthenticated attacker may be able to execute arbitrary code or cause a denial of service on a vulnerable system.
Apply an update
FreeBSD libc - Apply the patch in FreeBSD Security Advisory FreeBSD-SA-08:02.libc
Thanks to Mark Andrews of ISC for reporting this vulnerability.
This document was written by Will Dormann.
Date First Published: 2008-01-25
Date Last Updated: 2008-04-28 13:54 UTC