-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2008.0102
        [UNIX/Linux] libc - inet_network() off-by-one buffer overflow
                              30 January 2008

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              libc
Publisher:            US-CERT
Operating System:     UNIX variants (UNIX, Linux)
Impact:               Denial of Service
                      Execute Arbitrary Code/Commands
Access:               Remote/Unauthenticated
CVE Names:            CVE-2008-0122
Ref:                  ESB-2008.0053

Original Bulletin:    http://www.kb.cert.org/vuls/id/203611

- --------------------------BEGIN INCLUDED TEXT--------------------

Vulnerability Note VU#203611

inet_network() off-by-one buffer overflow

Overview

The inet_network() resolver function contains an off-by-one buffer
overflow, which may allow a remote, unauthenticated attacker to execute
arbitrary code on a vulnerable system.

I. Description

The inet_network() function takes a character string representation for an
internet address and returns the internet network number in integer form.
inet_network() is implemented by various libbind, libc, and GNU libc
versions. Applications that link against a vulnerable version of
inet_network() may be vulnerable to a one-byte overflow.

II. Impact

A remote, unauthenticated attacker may be able to execute arbitrary code or
cause a denial of service on a vulnerable system.

III. Solution

Apply an update

FreeBSD libc - Apply the patch in FreeBSD Security Advisory
FreeBSD-SA-08:02.libc

GNU libc - This issue was resolved on February 11, 2000 in the main (diff)
and glibc 2.1 (diff) branches

libbind - This issue will be resolved in libbind 9.3.5, 9.4.3, 2.5.0b2, or
later. A patch is also available in the ISC Advisory

Systems Affected

Vendor                              Status          Date Updated
Apple Computer, Inc.                Not Vulnerable  25-Jan-2008
BlueCat Networks, Inc.              Unknown         17-Jan-2008
CentOS                              Unknown         17-Jan-2008
Check Point Software Technologies   Unknown         17-Jan-2008
Conectiva Inc.                      Unknown         17-Jan-2008
Cray Inc.                           Unknown         17-Jan-2008
Debian GNU/Linux                    Unknown         21-Jan-2008
EMC Corporation                     Unknown         17-Jan-2008
Engarde Secure Linux                Unknown         17-Jan-2008
F5 Networks, Inc.                   Unknown         17-Jan-2008
Fedora Project                      Unknown         17-Jan-2008
FreeBSD, Inc.                       Vulnerable      25-Jan-2008
Fujitsu                             Unknown         17-Jan-2008
Gentoo Linux                        Unknown         17-Jan-2008
Gnu ADNS                            Unknown         17-Jan-2008
GNU glibc                           Vulnerable      25-Jan-2008
Hewlett-Packard Company             Unknown         17-Jan-2008
Hitachi                             Unknown         17-Jan-2008
IBM Corporation                     Unknown         17-Jan-2008
IBM Corporation (zseries)           Unknown         17-Jan-2008
IBM eServer                         Unknown         17-Jan-2008
Infoblox                            Unknown         17-Jan-2008
Ingrian Networks, Inc.              Not Vulnerable  29-Jan-2008
Internet Software Consortium        Unknown         10-Dec-2007
Juniper Networks, Inc.              Unknown         17-Jan-2008
Lucent Technologies                 Unknown         17-Jan-2008
Mandriva, Inc.                      Not Vulnerable  21-Jan-2008
Men & Mice                          Unknown         17-Jan-2008
Metasolv Software, Inc.             Unknown         17-Jan-2008
Microsoft Corporation               Not Vulnerable  18-Jan-2008
MontaVista Software, Inc.           Unknown         17-Jan-2008
NEC Corporation                     Unknown         17-Jan-2008
NetBSD                              Unknown         17-Jan-2008
Nortel Networks, Inc.               Unknown         17-Jan-2008
Novell, Inc.                        Unknown         17-Jan-2008
OpenBSD                             Vulnerable      21-Jan-2008
Openwall GNU/*/Linux                Unknown         17-Jan-2008
QNX, Software Systems, Inc.         Unknown         17-Jan-2008
Red Hat, Inc.                       Unknown         17-Jan-2008
Shadowsupport                       Unknown         17-Jan-2008
Silicon Graphics, Inc.              Unknown         17-Jan-2008
Slackware Linux Inc.                Unknown         17-Jan-2008
Sony Corporation                    Unknown         17-Jan-2008
Sun Microsystems, Inc.              Unknown         17-Jan-2008
SUSE Linux                          Unknown         17-Jan-2008
The SCO Group                       Unknown         17-Jan-2008
Trustix Secure Linux                Unknown         17-Jan-2008
Turbolinux                          Unknown         17-Jan-2008
Ubuntu                              Unknown         17-Jan-2008
Unisys                              Unknown         17-Jan-2008
Wind River Systems, Inc.            Unknown         17-Jan-2008

References

http://security.freebsd.org/advisories/FreeBSD-SA-08:02.libc.asc
http://sourceware.org/cgi-bin/cvsweb.cgi/libc/inet/inet_net.c.diff?r1=1.6.2.1&r2=1.6.2.2&cvsroot=glibc&f=h
http://sourceware.org/cgi-bin/cvsweb.cgi/libc/inet/inet_net.c.diff?r1=1.8&r2=1.9&cvsroot=glibc&f=h
http://www.securityfocus.com/bid/27283
http://securitytracker.com/alerts/2008/Jan/1019189.html
http://secunia.com/advisories/28367
http://xforce.iss.net/xforce/xfdb/39670

Credit

Thanks to Mark Andrews of ISC for reporting this vulnerability.

This document was written by Will Dormann.

Other Information

Date Public                  12/10/2007
Date First Published         01/25/2008 01:35:01 PM
Date Last Updated            01/29/2008
CERT Advisory
CVE Name                     CVE-2008-0122
US-CERT Technical Alerts
Metric                       0.76
Document Revision            10

- --------------------------END INCLUDED TEXT--------------------
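As an added illustration, not code from the bulletin, US-CERT, libc or libbind, the following is a simplified, hypothetical model of the dotted-string parse that the Description above attributes to inet_network(), written so that the number of stored components is checked before every store into the fixed-size array. The names MAX_PARTS, NET_NONE and parse_network, and the exact accepted syntax, are assumptions of this example rather than the affected implementations.

```c
#include <stdint.h>
#include <stddef.h>

#define NET_NONE  0xffffffffu   /* stands in for INADDR_NONE in this model */
#define MAX_PARTS 4             /* at most four dot-separated components */

/* Hypothetical, simplified model of the inet_network() parse described in the
 * bulletin: read up to four dot-separated octets (decimal, 0-prefixed octal or
 * 0x-prefixed hex) into parts[] and pack them into a host-order network number.
 * The bounds check runs BEFORE each store, so a fifth component is rejected
 * rather than written one element past the end of parts[]; an off-by-one in
 * such a check (">" where ">=" is needed) is the class of bug the bulletin
 * describes.  Illustrative code only, not the libc or libbind source. */
uint32_t parse_network(const char *cp)
{
    uint32_t parts[MAX_PARTS];
    size_t n = 0;

    for (;;) {
        uint32_t val = 0, base = 10;
        int digits = 0;

        if (*cp == '0') { digits = 1; base = 8; cp++; }                /* "010" is octal */
        if (*cp == 'x' || *cp == 'X') { digits = 0; base = 16; cp++; } /* "0x0a" is hex */
        while (*cp != '\0') {
            uint32_t d;
            if (*cp >= '0' && *cp <= '9')                    d = (uint32_t)(*cp - '0');
            else if (base == 16 && *cp >= 'a' && *cp <= 'f') d = (uint32_t)(*cp - 'a' + 10);
            else if (base == 16 && *cp >= 'A' && *cp <= 'F') d = (uint32_t)(*cp - 'A' + 10);
            else break;
            if (d >= base) return NET_NONE;          /* e.g. '8' or '9' in an octal part */
            val = val * base + d;
            if (val > 0xff) return NET_NONE;         /* octet out of range; also blocks wrap-around */
            digits = 1;
            cp++;
        }
        if (!digits) return NET_NONE;                /* empty component, e.g. "1..2" or "0x" */
        if (n >= MAX_PARTS) return NET_NONE;         /* bounds check BEFORE the store */
        parts[n++] = val;
        if (*cp != '.') break;
        cp++;                                        /* consume '.', parse the next component */
    }
    if (*cp != '\0') return NET_NONE;                /* trailing garbage after the last part */

    uint32_t result = 0;                             /* "10.1" -> 0x0a01, "192.168.1.0" -> 0xc0a80100 */
    for (size_t i = 0; i < n; i++) result = (result << 8) | parts[i];
    return result;
}
```

A string with five components such as "1.2.3.4.5" is rejected with NET_NONE instead of producing an out-of-bounds write, which is the behaviour a bounds check placed before the store guarantees.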
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQCVAwUBR6AO1Sh9+71yA2DNAQJUoAP8C96LeR0YDAEbJ8eJ6k0YoygBEP92yNJ4
RlTkt0RBoxEj/ecJhTHb7ZuHeNKV6LeG2vpuUE2Kl81YZfly/wPNojda8iREP2Oq
qCdLcJUk00mxDb/f6J8u9Asyq+aoSySZzyIasiFYdd1HZrtO8yPQ5Zl0DtMdeE05
08ArF+uNOiY=
=QS/C
-----END PGP SIGNATURE-----