Published: 23/10/2008 Updated: 29/09/2017

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

VMScore: 1000

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Heap-based buffer overflow in the SPF_dns_resolv_lookup function in Spf_dns_resolv.c in libspf2 prior to 1.2.8 allows remote malicious users to execute arbitrary code via a long DNS TXT record with a modified length field.

Vulnerable Product	Search on Vulmon	Subscribe to Product
libspf libspf2 1.2.5
libspf libspf2 1.2.4
libspf libspf2 1.2.3
libspf libspf2 1.2.1
libspf libspf2 1.0.4
libspf libspf2 1.0.3
libspf libspf2
libspf libspf2 1.2.6
libspf libspf2 1.0.2

Advisory: DNS TXT Record Parsing Bug in LibSPF2 Author: Dan Kaminsky, Director of Penetration Testing, IOActive Inc, DanKaminsky@ioactivecom (PGP Key In Appendix) Abstract: A relatively common bug parsing TXT records delivered over DNS, dating at least back to 2002 in Sendmail 820 and almost certainly much earlier, has been found in LibSPF2 ...

CWE-119 http://www.securityfocus.com/bid/31881 http://www.kb.cert.org/vuls/id/183657 http://bugs.gentoo.org/show_bug.cgi?format=multiple&id=242254 https://bugs.launchpad.net/ubuntu/feisty/+source/libspf2/+bug/271025 http://www.doxpara.com/?p=1263 http://www.doxpara.com/?page_id=1256 https://answers.launchpad.net/ubuntu/gutsy/+source/libspf2/1.2.5.dfsg-4ubuntu0.7.10.1 http://security.gentoo.org/glsa/glsa-200810-03.xml http://secunia.com/advisories/32496 http://secunia.com/advisories/32450 http://securityreason.com/securityalert/4487 http://www.debian.org/security/2008/dsa-1659 http://secunia.com/advisories/32396 http://secunia.com/advisories/32720 http://up2date.astaro.com/2008/11/up2date_7305_released.html http://www.vupen.com/english/advisories/2008/2896 https://exchange.xforce.ibmcloud.com/vulnerabilities/46055 https://www.exploit-db.com/exploits/6805 https://nvd.nist.gov https://www.exploit-db.com/exploits/6805/https://www.kb.cert.org/vuls/id/183657

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2008-2469

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect