[libbind9] [CVE-2008-0122] off-by-one error in the inet_network function
Bug #203476 reported by
disabled.user
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
bind9 (Debian) |
Fix Released
|
Unknown
|
|||
bind9 (Gentoo Linux) |
Invalid
|
Medium
|
|||
bind9 (Ubuntu) |
Fix Released
|
Undecided
|
LaMont Jones | ||
Dapper |
Won't Fix
|
Low
|
Unassigned | ||
Edgy |
Won't Fix
|
Low
|
Unassigned | ||
Feisty |
Won't Fix
|
Low
|
Unassigned | ||
Gutsy |
Won't Fix
|
Low
|
Unassigned |
Bug Description
Binary package hint: libbind9-0
References:
SUSE-SR:2008:006
Quoting CVE-2008-0122:
"Off-by-one error in the inet_network function in libbind in ISC BIND 9.4.2 and earlier, as used in libc in FreeBSD 6.2 through 7.0-PRERELEASE, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted input that triggers memory corruption."
CVE References
Changed in bind9: | |
status: | Unknown → Fix Released |
Changed in bind9: | |
importance: | Undecided → Low |
importance: | Undecided → Low |
importance: | Undecided → Low |
Changed in bind9: | |
importance: | Undecided → Low |
Changed in bind9: | |
status: | Unknown → In Progress |
Changed in bind9 (Gentoo Linux): | |
status: | In Progress → Invalid |
Changed in bind9 (Gentoo Linux): | |
importance: | Unknown → Medium |
To post a comment you must log in.
in 1:9.4.2-8, on the off chance that anyone in the world actually uses libbind9 to build packages on either linux distro.