Hash: SHA1

             AUSCERT External Security Bulletin Redistribution

                       ESB-2008.0102 -- [UNIX/Linux]
             libc - inet_network() off-by-one buffer overflow
                              30 January 2008


        AusCERT Security Bulletin Summary

Product:              libc
Publisher:            US-CERT
Operating System:     UNIX variants (UNIX, Linux)
Impact:               Denial of Service
                      Execute Arbitrary Code/Commands
Access:               Remote/Unauthenticated
CVE Names:            CVE-2008-0122

Ref:                  ESB-2008.0053

Original Bulletin:    http://www.kb.cert.org/vuls/id/203611

- --------------------------BEGIN INCLUDED TEXT--------------------

Vulnerability Note VU#203611

inet_network() off-by-one buffer overflow


The inet_network() resolver function contains an off-by-one buffer overflow, 
which may allow a remote, unauthenticated attacker to execute arbitrary code 
on a vulnerable system.

I. Description

The inet_network() function takes a character string representation for an 
internet address and returns the internet network number in integer form. 
inet_network() is implemented by various libbind, libc, and GNU libc versions.
Applications that link against a vulnerable version of inet_network() may be 
vulnerable to a one-byte overflow.

II. Impact

A remote, unauthenticated attacker may be able to execute arbitrary code or 
cause a denial of service on a vulnerable system.

III. Solution
Apply an update

      FreeBSD libc - Apply the patch in FreeBSD Security Advisory 
      GNU libc - This issue was resolved on February 11, 2000 in the main 
                (diff) and glibc 2.1 (diff) branches
      libbind - This issue will be resolved in libbind 9.3.5, 9.4.3, 2.5.0b2, 
                or later. A patch is also available in the ISC Advisory

Systems Affected

Vendor                    Status             Date Updated
Apple Computer, Inc.      Not Vulnerable     25-Jan-2008
BlueCat Networks, Inc.    Unknown            17-Jan-2008
CentOS                    Unknown            17-Jan-2008
Check Point Software 
   Technologies           Unknown            17-Jan-2008
Conectiva Inc.            Unknown            17-Jan-2008
Cray Inc.                 Unknown            17-Jan-2008
Debian GNU/Linux          Unknown            21-Jan-2008
EMC Corporation           Unknown            17-Jan-2008
Engarde Secure Linux      Unknown            17-Jan-2008
F5 Networks, Inc.         Unknown            17-Jan-2008
Fedora Project            Unknown            17-Jan-2008
FreeBSD, Inc.             Vulnerable         25-Jan-2008
Fujitsu                   Unknown            17-Jan-2008
Gentoo Linux              Unknown            17-Jan-2008
Gnu ADNS                  Unknown            17-Jan-2008
GNU glibc                 Vulnerable         25-Jan-2008
Hewlett-Packard Company   Unknown            17-Jan-2008
Hitachi                   Unknown            17-Jan-2008
IBM Corporation           Unknown            17-Jan-2008
IBM Corporation (zseries) Unknown            17-Jan-2008
IBM eServer               Unknown            17-Jan-2008
Infoblox                  Unknown            17-Jan-2008
Ingrian Networks, Inc.    Not Vulnerable     29-Jan-2008
Internet Software 
   Consortium             Unknown            10-Dec-2007
Juniper Networks, Inc.    Unknown            17-Jan-2008
Lucent Technologies       Unknown            17-Jan-2008
Mandriva, Inc.            Not Vulnerable     21-Jan-2008
Men & Mice                Unknown            17-Jan-2008
Metasolv Software, Inc.   Unknown            17-Jan-2008
Microsoft Corporation     Not Vulnerable     18-Jan-2008
MontaVista Software, Inc. Unknown            17-Jan-2008
NEC Corporation           Unknown            17-Jan-2008
NetBSD                    Unknown            17-Jan-2008
Nortel Networks, Inc.     Unknown            17-Jan-2008
Novell, Inc.              Unknown            17-Jan-2008
OpenBSD                   Vulnerable         21-Jan-2008
Openwall GNU/*/Linux      Unknown            17-Jan-2008
QNX, Software Systems, 
  Inc.                    Unknown            17-Jan-2008
Red Hat, Inc.             Unknown            17-Jan-2008
Shadowsupport             Unknown            17-Jan-2008
Silicon Graphics, Inc.    Unknown            17-Jan-2008
Slackware Linux Inc.      Unknown            17-Jan-2008
Sony Corporation          Unknown            17-Jan-2008
Sun Microsystems, Inc.    Unknown            17-Jan-2008
SUSE Linux                Unknown            17-Jan-2008
The SCO Group             Unknown            17-Jan-2008
Trustix Secure Linux      Unknown            17-Jan-2008
Turbolinux                Unknown            17-Jan-2008
Ubuntu                    Unknown            17-Jan-2008
Unisys                    Unknown            17-Jan-2008
Wind River Systems, Inc.  Unknown            17-Jan-2008




Thanks to Mark Andrews of ISC for reporting this vulnerability.

This document was written by Will Dormann.

Other Information

Date Public             12/10/2007
Date First Published    01/25/2008 01:35:01 PM
Date Last Updated       01/29/2008

CERT Advisory	 
CVE Name	CVE-2008-0122
US-CERT Technical Alerts	 
Metric	0.76
Document Revision	10

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:


If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:


Australian Computer Emergency Response Team
The University of Queensland
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.

Comment: http://www.auscert.org.au/render.html?it=1967