漏洞信息详情
libspf2 DNS TXT记录处理堆溢出漏洞
- CNNVD编号:CNNVD-200810-399
- 危害等级: 高危
- CVE编号: CVE-2008-2469
- 漏洞类型: 缓冲区溢出
- 发布时间: 2008-10-23
- 威胁类型: 远程
- 更新时间: 2009-02-21
- 厂 商: libspf
- 漏洞来源: Dan Kaminsky
漏洞简介
libspf2是用于实现Sender Policy Framework的库,允许邮件系统检查SPF记录并确认邮件已经过域名授权。
libspf2库的Spf_dns_resolv.c文件中的SPF_dns_resolv_lookup函数存在堆溢出漏洞,如果用户解析了带有特制长度字段的超长DNS TXT记录的话,就可能触发这个溢出,导致执行任意代码。
DNS TXT记录中包含有两个长度字段,首先是记录的整体长度字段,其次是范围为0到255的子长度字段,用于描述记录中特定字符串的长度。这两个值之间没有任何联系,DNS服务器也没有强制任何过滤检查。在接收到DNS TXT记录时,外部的记录长度值是所要分配的内存数量,但拷贝的是内部的长度,这就可能会触发溢出。
漏洞公告
目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
Debian Linux 4.0 amd64
Debian libspf2-2_1.2.5-4+etch1_amd64.deb
http://security.debian.org/pool/updates/main/libs/libspf2/libspf2-2_1. 2.5-4+etch1_amd64.deb
Debian libspf2-dev_1.2.5-4+etch1_amd64.deb
http://security.debian.org/pool/updates/main/libs/libspf2/libspf2-dev_ 1.2.5-4+etch1_amd64.deb
Debian spfquery_1.2.5-4+etch1_amd64.deb
http://security.debian.org/pool/updates/main/libs/libspf2/spfquery_1.2 .5-4+etch1_amd64.deb
Debian Linux 4.0 ia-32
Debian libspf2-2_1.2.5-4+etch1_i386.deb
http://security.debian.org/pool/updates/main/libs/libspf2/libspf2-2_1. 2.5-4+etch1_i386.deb
Debian libspf2-dev_1.2.5-4+etch1_i386.deb
http://security.debian.org/pool/updates/main/libs/libspf2/libspf2-dev_ 1.2.5-4+etch1_i386.deb
Debian spfquery_1.2.5-4+etch1_i386.deb
http://security.debian.org/pool/updates/main/libs/libspf2/spfquery_1.2 .5-4+etch1_i386.deb
Debian Linux 4.0 arm
Debian libspf2-2_1.2.5-4+etch1_arm.deb
http://security.debian.org/pool/updates/main/libs/libspf2/libspf2-2_1. 2.5-4+etch1_arm.deb
Debian libspf2-dev_1.2.5-4+etch1_arm.deb
http://security.debian.org/pool/updates/main/libs/libspf2/libspf2-dev_ 1.2.5-4+etch1_arm.deb
Debian spfquery_1.2.5-4+etch1_arm.deb
http://security.debian.org/pool/updates/main/libs/libspf2/spfquery_1.2 .5-4+etch1_arm.deb
Debian Linux 4.0 hppa
Debian libspf2-2_1.2.5-4+etch1_hppa.deb
http://security.debian.org/pool/updates/main/libs/libspf2/libspf2-2_1. 2.5-4+etch1_hppa.deb
Debian libspf2-dev_1.2.5-4+etch1_hppa.deb
http://security.debian.org/pool/updates/main/libs/libspf2/libspf2-dev_ 1.2.5-4+etch1_hppa.deb
Debian spfquery_1.2.5-4+etch1_hppa.deb
http://security.debian.org/pool/updates/main/libs/libspf2/spfquery_1.2 .5-4+etch1_hppa.deb
Debian Linux 4.0 sparc
Debian libspf2-2_1.2.5-4+etch1_sparc.deb
http://security.debian.org/pool/updates/main/libs/libspf2/libspf2-2_1. 2.5-4+etch1_sparc.deb
Debian libspf2-dev_1.2.5-4+etch1_sparc.deb
http://security.debian.org/pool/updates/main/libs/libspf2/libspf2-dev_ 1.2.5-4+etch1_sparc.deb
Debian spfquery_1.2.5-4+etch1_sparc.deb
http://security.debian.org/pool/updates/main/libs/libspf2/spfquery_1.2 .5-4+etch1_sparc.deb
Debian Linux 4.0 s/390
Debian libspf2-2_1.2.5-4+etch1_s390.deb
http://security.debian.org/pool/updates/main/libs/libspf2/libspf2-2_1. 2.5-4+etch1_s390.deb
Debian libspf2-dev_1.2.5-4+etch1_s390.deb
http://security.debian.org/pool/updates/main/libs/libspf2/libspf2-dev_ 1.2.5-4+etch1_s390.deb
Debian spfquery_1.2.5-4+etch1_s390.deb
http://security.debian.org/pool/updates/main/libs/libspf2/spfquery_1.2 .5-4+etch1_s390.deb
Debian Linux 4.0 powerpc
Debian libspf2-2_1.2.5-4+etch1_powerpc.deb
http://security.debian.org/pool/updates/main/libs/libspf2/libspf2-2_1. 2.5-4+etch1_powerpc.deb
Debian libspf2-dev_1.2.5-4+etch1_powerpc.deb
http://security.debian.org/pool/updates/main/libs/libspf2/libspf2-dev_ 1.2.5-4+etch1_powerpc.deb
Debian spfquery_1.2.5-4+etch1_powerpc.deb
http://security.debian.org/pool/updates/main/libs/libspf2/spfquery_1.2 .5-4+etch1_powerpc.deb
Debian Linux 4.0 alpha
Debian libspf2-2_1.2.5-4+etch1_alpha.deb
http://security.debian.org/pool/updates/main/libs/libspf2/libspf2-2_1. 2.5-4+etch1_alpha.deb
Debian libspf2-dev_1.2.5-4+etch1_alpha.deb
http://security.debian.org/pool/updates/main/libs/libspf2/libspf2-dev_ 1.2.5-4+etch1_alpha.deb
Debian spfquery_1.2.5-4+etch1_alpha.deb
http://security.debian.org/pool/updates/main/libs/libspf2/spfquery_1.2 .5-4+etch1_alpha.deb
Debian Linux 4.0 mipsel
Debian libspf2-2_1.2.5-4+etch1_mipsel.deb
http://security.debian.org/pool/updates/main/libs/libspf2/libspf2-2_1. 2.5-4+etch1_mipsel.deb
Debian libspf2-dev_1.2.5-4+etch1_mipsel.deb
http://security.debian.org/pool/updates/main/libs/libspf2/libspf2-dev_ 1.2.5-4+etch1_mipsel.deb
Debian spfquery_1.2.5-4+etch1_mipsel.deb
http://security.debian.org/pool/updates/main/libs/libspf2/spfquery_1.2 .5-4+etch1_mipsel.deb
Debian Linux 4.0 ia-64
Debian libspf2-2_1.2.5-4+etch1_ia64.deb
http://security.debian.org/pool/updates/main/libs/libspf2/libspf2-2_1. 2.5-4+etch1_ia64.deb
Debian libsp
参考网址
来源; US-CERT
名称: VU#183657
链接:http://www.kb.cert.org/vuls/id/183657
来源: BID
名称: 31881
链接:http://www.securityfocus.com/bid/31881
来源: bugs.launchpad.net
链接:https://bugs.launchpad.net/ubuntu/feisty/+source/libspf2/+bug/271025
来源: answers.launchpad.net
链接:https://answers.launchpad.net/ubuntu/gutsy/+source/libspf2/1.2.5.dfsg-4ubuntu0.7.10.1
来源: XF
名称: libspf2-dnstxtrecord-bo(46055)
链接:http://xforce.iss.net/xforce/xfdb/46055
来源: MILW0RM
名称: 6805
链接:http://www.milw0rm.com/exploits/6805
来源: VUPEN
名称: ADV-2008-2896
链接:http://www.frsirt.com/english/advisories/2008/2896
来源: MISC
链接:http://www.doxpara.com/?page_id=1256
来源: MISC
链接:http://www.doxpara.com/?p=1263
来源: DEBIAN
名称: DSA-1659
链接:http://www.debian.org/security/2008/dsa-1659
来源: up2date.astaro.com
链接:http://up2date.astaro.com/2008/11/up2date_7305_released.HTML
来源: SREASON
名称: 4487
链接:http://securityreason.com/securityalert/4487
来源: GENTOO
名称: GLSA-200810-03
链接:http://security.gentoo.org/glsa/glsa-200810-03.xml
来源: SECUNIA
名称: 32720
链接:http://secunia.com/advisories/32720
来源: SECUNIA
名称: 32496
链接:http://secunia.com/advisories/32496
来源: SECUNIA
名称: 32450
链接:http://secunia.com/advisories/32450
来源: SECUNIA
名称: 32396
链接:http://secunia.com/advisories/32396
来源: bugs.gentoo.org
链接:http://bugs.gentoo.org/show_bug.cgi?format=multiple&id=242254
受影响实体
- Libspf Libspf2:1.2.4
- Libspf Libspf2:1.2.3
- Libspf Libspf2:1.0.2
- Libspf Libspf2:1.0.4
- Libspf Libspf2:1.0.3
补丁
暂无
评论