From owner-freebsd-security@FreeBSD.ORG  Tue Jan 15 05:35:28 2008
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id E42BA16A418
	for <freebsd-security@freebsd.org>;
	Tue, 15 Jan 2008 05:35:28 +0000 (UTC)
	(envelope-from wollman@hergotha.csail.mit.edu)
Received: from hergotha.csail.mit.edu (hergotha.csail.mit.edu [66.92.79.170])
	by mx1.freebsd.org (Postfix) with ESMTP id B116213C455
	for <freebsd-security@freebsd.org>;
	Tue, 15 Jan 2008 05:35:28 +0000 (UTC)
	(envelope-from wollman@hergotha.csail.mit.edu)
Received: from hergotha.csail.mit.edu (localhost [127.0.0.1])
	by hergotha.csail.mit.edu (8.13.8/8.13.8) with ESMTP id m0F52i4C033592; 
	Tue, 15 Jan 2008 00:02:44 -0500 (EST)
	(envelope-from wollman@hergotha.csail.mit.edu)
Received: (from wollman@localhost)
	by hergotha.csail.mit.edu (8.13.8/8.13.8/Submit) id m0F52i57033589;
	Tue, 15 Jan 2008 00:02:44 -0500 (EST) (envelope-from wollman)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <18316.15988.200577.209017@hergotha.csail.mit.edu>
Date: Tue, 15 Jan 2008 00:02:44 -0500
From: Garrett Wollman <wollman@freebsd.org>
To: Mike Tancsa <mike@sentex.net>
In-Reply-To: <200801150428.m0F4SaH1084137@lava.sentex.ca>
References: <200801142309.m0EN9has056540@freefall.freebsd.org>
	<200801150428.m0F4SaH1084137@lava.sentex.ca>
X-Mailer: VM 7.17 under 21.4 (patch 21) "Educational Television" XEmacs Lucid
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-3.0
	(hergotha.csail.mit.edu [127.0.0.1]);
	Tue, 15 Jan 2008 00:02:44 -0500 (EST)
X-Spam-Status: No, score=-1.4 required=5.0 tests=ALL_TRUSTED
	autolearn=disabled version=3.2.3
X-Spam-Checker-Version: SpamAssassin 3.2.3 (2007-08-08) on
	hergotha.csail.mit.edu
Cc: freebsd-security@freebsd.org
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-08:02.libc
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Security issues \[members-only posting\]"
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Jan 2008 05:35:29 -0000

<<On Mon, 14 Jan 2008 23:28:46 -0500, Mike Tancsa <mike@sentex.net> said:

> For the "usual suspects" of applications running, (e.g. sendmail, 
> apache, BIND etc) would it be possible to pass crafted packets 
> through to this function remotely via those apps ?  ie how easy is this to do ?

inet_network() is a very infrequently-used function (perhaps because
it's nearly useless except for backward-compatibility).  It's
referenced by getent(1), isdnd(8), timed(8), and mountd(8) -- the
latter three I assume for configuration-file parsing -- and can also
be called from getnetbyname().  libbind also includes an
implementation of it, but bind itself doen't reference it.  route(8)
uses it to parse network numbers given on the command line.

-GAWollman