{"vuid":"VU#203611","idnumber":"203611","name":"inet_network() off-by-one buffer overflow","keywords":["libbind","libc","glibc","inet_network()","1 byte write overflow","BIND","off-by-one"],"overview":"The inet_network() resolver function contains an off-by-one buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.","clean_desc":"The inet_network() function takes a character string representation for an internet address and returns the internet network number in integer form. inet_network() is implemented by various libbind, libc, and GNU libc versions. Applications that link against a vulnerable version of inet_network() may be vulnerable to a one-byte overflow.","impact":"A remote, unauthenticated attacker may be able to execute arbitrary code or cause a denial of service on a vulnerable system.","resolution":"Apply an update\nFreeBSD libc - Apply the patch in FreeBSD Security Advisory FreeBSD-SA-08:02.libc\nGNU libc - This issue was resolved on February 11, 2000 in the main (diff) and glibc 2.1 (diff) branches\nlibbind - This issue will be resolved in libbind 9.3.5, 9.4.3, 2.5.0b2, or later. A patch is also available in the ISC Advisory","workarounds":"","sysaffected":"","thanks":"Thanks to Mark Andrews of ISC for reporting this vulnerability.","author":"This document was written by Will Dormann.","public":["http://security.freebsd.org/advisories/FreeBSD-SA-08:02.libc.asc","http://sourceware.org/cgi-bin/cvsweb.cgi/libc/inet/inet_net.c.diff?r1=1.6.2.1&r2=1.6.2.2&cvsroot=glibc&f=h","http://sourceware.org/cgi-bin/cvsweb.cgi/libc/inet/inet_net.c.diff?r1=1.8&r2=1.9&cvsroot=glibc&f=h","http://www.securityfocus.com/bid/27283","http://securitytracker.com/alerts/2008/Jan/1019189.html","http://secunia.com/advisories/28367","http://xforce.iss.net/xforce/xfdb/39670"],"cveids":["CVE-2008-0122"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2007-12-10T21:21:03Z","publicdate":"2007-12-10T00:00:00Z","datefirstpublished":"2008-01-25T18:35:01Z","dateupdated":"2008-04-28T13:54:06Z","revision":16,"vrda_d1_directreport":"1","vrda_d1_population":"2","vrda_d1_impact":"3","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"12","cam_population":"5","cam_impact":"5","cam_easeofexploitation":"5","cam_attackeraccessrequired":"12","cam_scorecurrent":"0.759375","cam_scorecurrentwidelyknown":"0.9","cam_scorecurrentwidelyknownexploited":"1.4625","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":0.759375,"vulnote":null}