漏洞信息详情
ISC BIND libbind 'inet_network()'函数数字错误漏洞
- CNNVD编号:CNNVD-200801-264
- 危害等级: 高危
- CVE编号: CVE-2008-0122
- 漏洞类型: 数字错误
- 发布时间: 2008-01-16
- 威胁类型: 远程
- 更新时间: 2019-08-02
- 厂 商: freebsd
- 漏洞来源: Bjoern A. Zeeb bz...
漏洞简介
FreeBSD是FreeBSD基金会的一套类Unix操作系统。ISC BIND是美国ISC公司的一套实现了DNS协议的开源软件。
ISC BIND 9.4.2及之前版本中的libbind的inet_network()函数中的单字节溢出可能由某些输入导致内存破坏,本地攻击者可能利用此漏洞提升权限或导致拒绝服务。如果程序向inet_network()传送不可信任数据的话,攻击者就可以通过向inet_network()传送特制输入导致用用户定义的数据覆盖内存区域。攻击者可以在使用inet_network()的程序中导致拒绝服务或执行代码,具体取决于所覆盖的内存区域。以下产品及版本受到影响:FreeBSD 6.2版本至7.0-PRERELEASE版本中的libc。
漏洞公告
目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
FreeBSD FreeBSD 6.2
FreeBSD libc.patch
http://security.freebsd.org/patches/SA-08:02/libc.patch
参考网址
来源:SECUNIA
链接:http://secunia.com/advisories/30718
来源:CERT-VN
链接:http://www.kb.cert.org/vuls/id/203611
来源:OVAL
链接:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10190
来源:CONFIRM
链接:https://bugzilla.redhat.com/show_bug.cgi?id=429149
来源:SECUNIA
链接:http://secunia.com/advisories/28579
来源:CONFIRM
链接:http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4167
来源:FEDORA
链接:https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00781.HTML
来源:CONFIRM
链接:http://support.avaya.com/elmodocs2/security/ASA-2008-244.htm
来源:BID
链接:https://www.securityfocus.com/bid/27283
来源:VUPEN
链接:http://www.vupen.com/english/advisories/2008/0703
来源:SUNALERT
链接:http://sunsolve.sun.com/search/document.do?assetkey=1-26-238493-1
来源:SECUNIA
链接:http://secunia.com/advisories/30313
来源:CONFIRM
链接:http://www.isc.org/index.pl?/sw/bind/bind-security.php
来源:SECUNIA
链接:http://secunia.com/advisories/28487
来源:BUGTRAQ
链接:http://www.securityfocus.com/archive/1/487000/100/0/threaded
来源:SECUNIA
链接:http://secunia.com/advisories/28367
来源:REDHAT
链接:http://www.redhat.com/support/errata/RHSA-2008-0300.HTML
来源:SECUNIA
链接:http://secunia.com/advisories/30538
来源:CONFIRM
链接:http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=7&heading=AIX61&path=/200802/SECURITY/20080227/datafile123640&label=AIX%20libc%20inet_network%20buffer%20overflow
来源:XF
链接:https://exchange.xforce.ibmcloud.com/vulnerabilities/39670
来源:SUSE
链接:http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.HTML
来源:SECUNIA
链接:http://secunia.com/advisories/28429
来源:FREEBSD
链接:http://security.freebsd.org/advisories/FreeBSD-SA-08:02.libc.asc
来源:CONFIRM
链接:https://issues.rpath.com/browse/RPL-2169
来源:CONFIRM
链接:https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952488
来源:FEDORA
链接:https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00782.HTML
来源:SECUNIA
链接:http://secunia.com/advisories/29161
来源:VUPEN
链接:http://www.vupen.com/english/advisories/2008/1743/references
来源:SECTRACK
链接:http://www.securitytracker.com/id?1019189
来源:SECUNIA
链接:http://secunia.com/advisories/29323
来源:VUPEN
链接:http://www.vupen.com/english/advisories/2008/0193
受影响实体
- Freebsd Freebsd:7.0:Pre-Release
- Freebsd Freebsd:6.3
- Freebsd Freebsd:6.2
补丁
暂无
评论