Date: Tue, 15 Jan 2008 16:22:52 +1100 From: Mark Andrews <Mark_Andrews@isc.org> To: Mike Tancsa <mike@sentex.net> Cc: freebsd-security@freebsd.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-08:02.libc Message-ID: <200801150522.m0F5MqV1061436@drugs.dv.isc.org> In-Reply-To: Your message of "Mon, 14 Jan 2008 23:28:46 CDT." <200801150428.m0F4SaH1084137@lava.sentex.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
> At 06:09 PM 1/14/2008, FreeBSD Security Advisories wrote: > >-----BEGIN PGP SIGNED MESSAGE----- > >Hash: SHA1 > > > >============================================================================ > = > >FreeBSD-SA-08:02.libc Security Advisor > y > > The FreeBSD Proje > ct > > > >Topic: inet_network() buffer overflow > > > >For programs which passes untrusted data to inet_network(), an > >attacker may be able to overwrite a region of memory with user defined > >data by causing specially crafted input to be passed to > >inet_network(). > > For the "usual suspects" of applications running, (e.g. sendmail, > apache, BIND etc) would it be possible to pass crafted packets > through to this function remotely via those apps ? ie how easy is this to do > ? The usual suspects don't call inet_network(). route calls inet_network() but not routed doesn't. Mark % nm /usr/obj/usr/src/usr.sbin/sendmail/sendmail | grep inet U __inet_addr U __inet_ntoa U __inet_ntop U __inet_pton % % nm /usr/obj/usr/src/usr.sbin/named/named | grep inet U __inet_aton U __inet_ntop U __inet_pton 0817f084 d cfg_type_inetcontrol 0814ee20 t inet_ntop4 0814f0f8 t inet_pton4 080fb668 t inet_totext 0817f0a0 d inetcontrol_fields % % nm /usr/obj/usr/src/sbin/route/route | grep inet U __inet_aton U __inet_lnaof U __inet_network U __inet_ntoa 08049a94 T inet_makenetandmask % > ---Mike > > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews@isc.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200801150522.m0F5MqV1061436>