Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-2469

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2008-2469
Last Modified 07 Mar 2011 10:09:14
Published 23 Oct 2008 06:00:01
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-2469

Summary

Heap-based buffer overflow in the SPF_dns_resolv_lookup function in Spf_dns_resolv.c in libspf2 before 1.2.8 allows remote attackers to execute arbitrary code via a long DNS TXT record with a modified length field.

Vulnerable Systems

Application

  • Libspf2 1.0.2

  • Libspf2 1.0.3

  • Libspf2 1.0.4

  • Libspf2 1.2.1

  • Libspf2 1.2.3

  • Libspf2 1.2.4

  • Libspf2 1.2.5

  • Libspf2 1.2.6

  • Libspf2 1.2.7


References

CERT-VN - VU#183657

BID - 31881

CONFIRM - https://bugs.launchpad.net/ubuntu/feisty/+source/libspf2/+bug/271025

CONFIRM - https://answers.launchpad.net/ubuntu/gutsy/+source/libspf2/1.2.5.dfsg-4ubuntu0.7.10.1

XF - libspf2-dnstxtrecord-bo(46055)

VUPEN - ADV-2008-2896

MILW0RM - 6805

MISC - http://www.doxpara.com/?page_id=1256

MISC - http://www.doxpara.com/?p=1263

DEBIAN - DSA-1659

CONFIRM - http://up2date.astaro.com/2008/11/up2date_7305_released.html

SREASON - 4487

GENTOO - GLSA-200810-03

SECUNIA - 32720

SECUNIA - 32496

SECUNIA - 32450

SECUNIA - 32396

CONFIRM - http://bugs.gentoo.org/show_bug.cgi?format=multiple&id=242254


Last Updated: 27 May 2016 10:47:52