From owner-freebsd-security@FreeBSD.ORG  Tue Jan 15 05:22:55 2008
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 742AD16A418
	for <freebsd-security@freebsd.org>;
	Tue, 15 Jan 2008 05:22:55 +0000 (UTC) (envelope-from marka@isc.org)
Received: from drugs.dv.isc.org (drugs.dv.isc.org
	[IPv6:2001:470:1f00:820:214:22ff:fed9:fbdc])
	by mx1.freebsd.org (Postfix) with ESMTP id 432A413C468
	for <freebsd-security@freebsd.org>;
	Tue, 15 Jan 2008 05:22:54 +0000 (UTC) (envelope-from marka@isc.org)
Received: from drugs.dv.isc.org (localhost [127.0.0.1])
	by drugs.dv.isc.org (8.14.2/8.14.1) with ESMTP id m0F5MqV1061436;
	Tue, 15 Jan 2008 16:22:52 +1100 (EST)
	(envelope-from marka@drugs.dv.isc.org)
Message-Id: <200801150522.m0F5MqV1061436@drugs.dv.isc.org>
To: Mike Tancsa <mike@sentex.net>
From: Mark Andrews <Mark_Andrews@isc.org>
In-reply-to: Your message of "Mon, 14 Jan 2008 23:28:46 CDT."
	<200801150428.m0F4SaH1084137@lava.sentex.ca> 
Date: Tue, 15 Jan 2008 16:22:52 +1100
Sender: marka@isc.org
X-Mailman-Approved-At: Tue, 15 Jan 2008 05:50:20 +0000
Cc: freebsd-security@freebsd.org
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-08:02.libc 
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Security issues \[members-only posting\]"
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Jan 2008 05:22:55 -0000


> At 06:09 PM 1/14/2008, FreeBSD Security Advisories wrote:
> >-----BEGIN PGP SIGNED MESSAGE-----
> >Hash: SHA1
> >
> >============================================================================
> =
> >FreeBSD-SA-08:02.libc                                       Security Advisor
> y
> >                                                           The FreeBSD Proje
> ct
> >
> >Topic:          inet_network() buffer overflow
> >
> >For programs which passes untrusted data to inet_network(), an
> >attacker may be able to overwrite a region of memory with user defined
> >data by causing specially crafted input to be passed to
> >inet_network().
> 
> For the "usual suspects" of applications running, (e.g. sendmail, 
> apache, BIND etc) would it be possible to pass crafted packets 
> through to this function remotely via those apps ?  ie how easy is this to do
>  ?

	The usual suspects don't call inet_network().
	route calls inet_network() but not routed doesn't.

	Mark

% nm /usr/obj/usr/src/usr.sbin/sendmail/sendmail | grep inet
         U __inet_addr
         U __inet_ntoa
         U __inet_ntop
         U __inet_pton
% 

% nm /usr/obj/usr/src/usr.sbin/named/named | grep inet
         U __inet_aton
         U __inet_ntop
         U __inet_pton
0817f084 d cfg_type_inetcontrol
0814ee20 t inet_ntop4
0814f0f8 t inet_pton4
080fb668 t inet_totext
0817f0a0 d inetcontrol_fields
% 
	
% nm /usr/obj/usr/src/sbin/route/route | grep inet
         U __inet_aton
         U __inet_lnaof
         U __inet_network
         U __inet_ntoa
08049a94 T inet_makenetandmask
% 

>          ---Mike 
> 
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews@isc.org