Thread: Re: FreeBSD Security Advisory FreeBSD-SA-08:02.libc




Re: FreeBSD Security Advisory FreeBSD-SA-08:02.libc
2008-01-14 23:22:52
> At 06:09 PM 1/14/2008, FreeBSD Security Advisories wrote:
> >-----BEGIN PGP SIGNED MESSAGE-----
> >Hash: SHA1
> >
> >=============================================================================
> >FreeBSD-SA-08:02.libc                                       Security Advisory
> >                                                          The FreeBSD Project
> >
> >Topic:          inet_network() buffer overflow
> >
> >For programs which pass untrusted data to inet_network(), an
> >attacker may be able to overwrite a region of memory with user defined
> >data by causing specially crafted input to be passed to
> >inet_network().
> 
> For the "usual suspects" of applications running, (e.g. sendmail,
> apache, BIND etc) would it be possible to pass crafted packets
> through to this function remotely via those apps ?  ie how easy is this to do ?

	The usual suspects don't call inet_network().
	route calls inet_network() but routed doesn't.

	Mark

% nm /usr/obj/usr/src/usr.sbin/sendmail/sendmail | grep inet
         U __inet_addr
         U __inet_ntoa
         U __inet_ntop
         U __inet_pton
% 

% nm /usr/obj/usr/src/usr.sbin/named/named | grep inet
         U __inet_aton
         U __inet_ntop
         U __inet_pton
0817f084 d cfg_type_inetcontrol
0814ee20 t inet_ntop4
0814f0f8 t inet_pton4
080fb668 t inet_totext
0817f0a0 d inetcontrol_fields
% 
	
% nm /usr/obj/usr/src/sbin/route/route | grep inet
         U __inet_aton
         U __inet_lnaof
         U __inet_network
         U __inet_ntoa
08049a94 T inet_makenetandmask
% 

>          ---Mike 
> 
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews@isc.org

Re: FreeBSD Security Advisory FreeBSD-SA-08:02.libc
2008-01-14 23:53:25
At 12:22 AM 1/15/2008, Mark Andrews wrote:
> >
> > For the "usual suspects" of applications running, (e.g. sendmail,
> > apache, BIND etc) would it be possible to pass crafted packets
> > through to this function remotely via those apps ?  ie how easy is this to do ?
>
>         The usual suspects don't call inet_network().
>         route calls inet_network() but routed doesn't.

Thanks to all who responded so far!  I had a look at some of the
ports I am using and so far all I found was

  find . -name "*.c" | xargs grep inet_network
./apache13-modssl/work/apache_1.3.33/src/modules/proxy/proxy_util.c: if (host[i] == '\0' && (ap_inet_addr(host) == -1 || inet_network(host) == -1))

         ---Mike 
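
The nm check Mark Andrews ran above, and the per-binary question Mike's source grep was after, as an added example that is not part of the thread or of FreeBSD: it separates a real import of inet_network (type U) from symbols a binary defines itself, which a plain `grep inet` mixes together. The function names are hypothetical; the sample nm lines are copied (named abridged) from the thread.

```sh
#!/bin/sh
# Added example (not from the thread): classify nm(1) output for one symbol.
# classify_nm [symbol] reads nm output on stdin and prints
#   imports        symbol is undefined (type U), i.e. resolved from a library
#   defines-local  symbol is defined inside the binary itself
#   none           symbol does not appear
classify_nm() {
    awk -v sym="${1:-inet_network}" '
        NF == 2 { kind = $1; name = $2 }      # "         U __inet_network"
        NF == 3 { kind = $2; name = $3 }      # "08049a94 T inet_makenetandmask"
        NF < 2 || NF > 3 { next }
        {
            sub(/@.*$/, "", name)             # drop a symbol-version suffix
            sub(/^_+/, "", name)              # __inet_network -> inet_network
            if (name != sym) next
            if (kind == "U") undef = 1; else is_local = 1
        }
        END { print (undef ? "imports" : (is_local ? "defines-local" : "none")) }'
}

# nm output for route and named as posted in the thread (named abridged).
sample_route() {
    cat <<'EOF'
         U __inet_aton
         U __inet_lnaof
         U __inet_network
         U __inet_ntoa
08049a94 T inet_makenetandmask
EOF
}
sample_named() {
    cat <<'EOF'
         U __inet_aton
0814ee20 t inet_ntop4
0817f0a0 d inetcontrol_fields
EOF
}

# scan_binaries file...: print each file whose dynamic symbol table imports
# inet_network. nm -D reads the dynamic symbols, which remain after strip(1).
scan_binaries() {
    for f in "$@"; do
        if [ "$(nm -D "$f" 2>/dev/null | classify_nm)" = "imports" ]; then
            printf '%s\n' "$f"
        fi
    done
}
if [ "$#" -gt 0 ]; then scan_binaries "$@"; fi
```

Statically linked binaries have no dynamic imports, so this check does not cover them.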

