Bug 429149 (CVE-2008-0122)
Summary: CVE-2008-0122 libbind off-by-one buffer overflow
Product: [Other] Security Response
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Status: CLOSED ERRATA
Severity: low
Priority: low
Reporter: Adam Tkac <atkac>
Assignee: Red Hat Product Security <security-response-team>
CC: kreilly, ovasik, security-response-team
Keywords: Security
Doc Type: Bug Fix
Last Closed: 2010-12-23 16:11:22 UTC
Bug Depends On: 429534, 430473, 658349

Comment 3
Tomas Hoger
2008-01-17 16:46:15 UTC
Created attachment 292030 [details]
patch for this issue
Issue is already public for libbind:
http://marc.info/?l=bind-announce&m=120067515802939&w=2

GNU libc implementation seems to be based on the very same BSD code used by FreeBSD and ISC Bind, but has this change applied in all versions shipped with Red Hat Enterprise Linux (the oldest version is 2.2.4). From inet/inet_net.c:

    if (!digit)
            return (INADDR_NONE);
    if (pp >= parts + 4 || val > 0xff)
            return (INADDR_NONE);
    if (*cp == '.') {
            *pp++ = val, cp++;
            goto again;
    }

Statement: This issue did not affect the versions of GNU libc as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. This issue affects the versions of libbind as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and 5; however, the vulnerable function is not used by any shipped applications. The Red Hat Security Response Team has therefore rated this issue as having low security impact; a future update may address this flaw.
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2008-0122

bind-9.4.2-3.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.

This problem allows an attacker to write 1 unsigned long int value (4 or 8 bytes, depending on the platform used) beyond the end of the buffer. This overwrite is too short to modify the function return address, so this problem does not seem to be easily exploitable or verifiable using a reproducer.

This was addressed via:
Red Hat Enterprise Linux version 5 (RHSA-2008:0300)
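
The check ordering in the glibc excerpt quoted in comment 3, as an added example that is not part of this bug report and is not glibc or libbind source: a reduced, decimal-only parser that runs the bounds check before every store, beside an assumed variant that checks only in the '.' branch. The names parse_net, NPARTS, CANARY and PARSE_FAIL and the guard slot are constructed for illustration; the guard slot makes the single stray store observable without writing outside the array.

```c
#include <ctype.h>
#include <stdio.h>
#define NPARTS 4
#define CANARY 0xdeadbeefUL
#define PARSE_FAIL 0xffffffffUL /* same value as INADDR_NONE */

/* Parse decimal "a.b.c.d" into one network number (constructed example).
 * strict != 0: bounds check before any store, as in the glibc excerpt.
 * strict == 0: check only in the '.' branch (assumed variant).
 * parts[] has one guard slot so a stray store is observable, not undefined;
 * *guard_hit reports whether that slot was overwritten. */
unsigned long parse_net(const char *cp, int strict, int *guard_hit)
{
    unsigned long parts[NPARTS + 1], *pp = parts, *p, val, net = 0;
    int digit;
    parts[NPARTS] = CANARY;
    *guard_hit = 0;
    for (;;) {
        for (val = 0, digit = 0; isdigit((unsigned char)*cp); digit = 1) {
            val = val * 10 + (unsigned long)(*cp++ - '0');
            if (val > 0xff)
                return PARSE_FAIL;
        }
        if (!digit || (strict && pp >= parts + NPARTS))
            return PARSE_FAIL;
        if (*cp == '.') {
            if (pp >= parts + NPARTS)
                return PARSE_FAIL;
            *pp++ = val, cp++;
            continue;
        }
        if (*cp != '\0')
            return PARSE_FAIL;
        *pp++ = val; /* last part: covered only by the strict check above */
        break;
    }
    *guard_hit = (parts[NPARTS] != CANARY);
    for (p = parts; p < pp && p < parts + NPARTS; p++)
        net = (net << 8) | (*p & 0xff);
    return net;
}

int main(void)
{
    int hit;
    parse_net("1.2.3.4.5", 0, &hit);
    printf("variant, five parts: guard slot overwritten = %d\n", hit);
    return parse_net("1.2.3.4.5", 1, &hit) == PARSE_FAIL ? 0 : 1;
}
```

With the check placed as in the excerpt, a fifth part is rejected before it is stored; in the variant the fifth part lands in the guard slot, which is the single-element overwrite the report describes.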