Date: Tue, 15 Jan 2008 00:02:44 -0500 From: Garrett Wollman <wollman@freebsd.org> To: Mike Tancsa <mike@sentex.net> Cc: freebsd-security@freebsd.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-08:02.libc Message-ID: <18316.15988.200577.209017@hergotha.csail.mit.edu> In-Reply-To: <200801150428.m0F4SaH1084137@lava.sentex.ca> References: <200801142309.m0EN9has056540@freefall.freebsd.org> <200801150428.m0F4SaH1084137@lava.sentex.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
<<On Mon, 14 Jan 2008 23:28:46 -0500, Mike Tancsa <mike@sentex.net> said: > For the "usual suspects" of applications running, (e.g. sendmail, > apache, BIND etc) would it be possible to pass crafted packets > through to this function remotely via those apps ? ie how easy is this to do ? inet_network() is a very infrequently-used function (perhaps because it's nearly useless except for backward-compatibility). It's referenced by getent(1), isdnd(8), timed(8), and mountd(8) -- the latter three I assume for configuration-file parsing -- and can also be called from getnetbyname(). libbind also includes an implementation of it, but bind itself doen't reference it. route(8) uses it to parse network numbers given on the command line. -GAWollman
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?18316.15988.200577.209017>