Published: 16/01/2008 Updated: 01/08/2019

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

VMScore: 891

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Off-by-one error in the inet_network function in libbind in ISC BIND 9.4.2 and previous versions, as used in libc in FreeBSD 6.2 up to and including 7.0-PRERELEASE, allows context-dependent malicious users to cause a denial of service (crash) and possibly execute arbitrary code via crafted input that triggers memory corruption.

Vulnerable Product	Search on Vulmon	Subscribe to Product
isc bind

This repo walks through metasploitable1 machine and try to get root access by various methods through various vulnerable services

download the machine from wwwvulnhubcom/entry/metasploitable-1,28/ then launch using VMware credentials are msfadmin:msfadmin ip a to get machine Notes : make sure your system is upgraded sudo apt update && sudo apt upgrade sudo apt install exploitdb scan the target using nmap Nmap -sV -Sc 19216819 get 12 open ports (21 -22-23-25-53-80-139-445-3306-

Kioptix-level-1-walk-through download the machine from wwwvulnhubcom/entry/kioptrix-level-1-1,22/ then launch using VMware no credintial are provided Notes : make sure your system is upgraded sudo apt update && sudo apt upgrade sudo apt install exploitdb make sure your main system and the target on the same network scan the target using nmap Nmap -sn 1

Metasploitable2-Walk-through download the machine from wwwvulnhubcom/entry/metasploitable-2,29/ then launch using VMware credentials are msfadmin:msfadmin ip a to get machine Notes : make sure your system is upgraded sudo apt update && sudo apt upgrade sudo apt install exploitdb scan the target using nmap Nmap -sV -Sc 19216819 found some open ports

CWE-189 http://security.freebsd.org/advisories/FreeBSD-SA-08:02.libc.asc http://www.securityfocus.com/bid/27283 http://www.securitytracker.com/id?1019189 http://secunia.com/advisories/28367 http://www.isc.org/index.pl?/sw/bind/bind-security.php https://bugzilla.redhat.com/show_bug.cgi?id=429149 https://issues.rpath.com/browse/RPL-2169 https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00781.html https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00782.html http://www.kb.cert.org/vuls/id/203611 http://secunia.com/advisories/28579 http://secunia.com/advisories/28487 http://secunia.com/advisories/28429 http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=7&heading=AIX61&path=/200802/SECURITY/20080227/datafile123640&label=AIX%20libc%20inet_network%20buffer%20overflow http://secunia.com/advisories/29161 http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html http://secunia.com/advisories/29323 http://sunsolve.sun.com/search/document.do?assetkey=1-26-238493-1 http://secunia.com/advisories/30538 http://secunia.com/advisories/30718 http://support.avaya.com/elmodocs2/security/ASA-2008-244.htm http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4167 http://www.redhat.com/support/errata/RHSA-2008-0300.html http://secunia.com/advisories/30313 http://www.vupen.com/english/advisories/2008/0193 http://www.vupen.com/english/advisories/2008/0703 http://www.vupen.com/english/advisories/2008/1743/references https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952488 https://exchange.xforce.ibmcloud.com/vulnerabilities/39670 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10190 http://www.securityfocus.com/archive/1/487000/100/0/threaded https://nvd.nist.gov https://github.com/Heshamshaban001/Metasploitable1-walkthrough https://www.kb.cert.org/vuls/id/203611

CVE-2008-0122

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect