FrSIRT - Fedora Security Update Fixes BIND libbind "inet_network()" Off-by-one / Exploit (Security Advisories)

French Security Incident Response Team

French

English

Fedora Security Update Fixes BIND libbind "inet_network()" Off-by-one

Title : Fedora Security Update Fixes BIND libbind "inet_network()" Off-by-one
Advisory ID : FrSIRT/ADV-2008-0244
CVE ID : CVE-2008-0122
Rated as : Moderate Risk

Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2008-01-23

Advisory Details

Description

Affected Products

Solution

References

Technical Description

A vulnerability has been identified in Fedora, which could be exploited by attackers to cause a denial of service or potentially take complete control of an affected system [...]

Solution

Upgrade the affected packages :

c6ac4344bc5ac18cd5369302a37612415e24034f bind-debuginfo-9.4.2-3.fc7.ppc64.rpm
a3db4c0e53ab63724890ad72027d5c48a316ee73 bind-sdb-9.4.2-3.fc7.ppc64.rpm
44cda86fb3454f53f423d8984914e891ab7113b2 bind-chroot-9.4.2-3.fc7.ppc64.rpm
1aa3bf9843973e1f17aaafa492bbb2c3d9dd9fb3 caching-nameserver-9.4.2-3.fc7.ppc64.rpm
88f31c3041a7ffee1c420efb2c694a0ec465faa9 bind-devel-9.4.2-3.fc7.ppc64.rpm
7c68a035d338daa298b49adc4475c7cee535fedb bind-utils-9.4.2-3.fc7.ppc64.rpm
977a5d5f9e7a48d5f259bf8f81546194d737ff2e bind-libs-9.4.2-3.fc7.ppc64.rpm
0b232359ef45c75e8356b9c146fa168099a2417f bind-9.4.2-3.fc7.ppc64.rpm
98ea2ee934c5ecac97300990b645f74112e76676 bind-debuginfo-9.4.2-3.fc7.i386.rpm
c021e50994942e16457c617c0edcea68128032e5 bind-sdb-9.4.2-3.fc7.i386.rpm
97c49428882c2c338b674c385a60d1072165ffbf bind-chroot-9.4.2-3.fc7.i386.rpm
4900016306404d08e6f1bdf80cc29ce9f91aaa1b caching-nameserver-9.4.2-3.fc7.i386.rpm
085bbde75950660b1861b52d77791e61064a8774 bind-devel-9.4.2-3.fc7.i386.rpm
1c01e674b85b9ed4f2c2b55b7a94bc9527d6a3b3 bind-utils-9.4.2-3.fc7.i386.rpm
633af843a6d7516c8018b16d7d89b1a3d249e753 bind-libs-9.4.2-3.fc7.i386.rpm
7611f8e9be4aea429e9725dd2b4d3c5a19d114d3 bind-9.4.2-3.fc7.i386.rpm
3bcf8639078fed009ba080af2cdee835d150365f caching-nameserver-9.4.2-3.fc7.x86_64.rpm
14dfd38e81c9f9d79af217576cf8dd22e2f437c1 bind-chroot-9.4.2-3.fc7.x86_64.rpm
2f5ce4a67d124725f62de401a4e0b01c22762a5d bind-utils-9.4.2-3.fc7.x86_64.rpm
aa3cf2b12da96f8da43312e33d3a58dd1c4ff40b bind-9.4.2-3.fc7.x86_64.rpm
aa32f28e752e8e6d46fde637298bcf996c1609b0 bind-libs-9.4.2-3.fc7.x86_64.rpm
8d0a328f836f90b5bd91d61013e33dfc45772aff bind-sdb-9.4.2-3.fc7.x86_64.rpm
bfa904facd6ac7f131661e420a86a5dff4337164 bind-devel-9.4.2-3.fc7.x86_64.rpm
a9e90540db1488df719c648d9885d16464b5e47a bind-debuginfo-9.4.2-3.fc7.x86_64.rpm
3bd0d4d1fd3431652f3d34eb68d7dd82745c3015 bind-debuginfo-9.4.2-3.fc7.ppc.rpm
8ed5a0f186342be7ed9608cbfa411ddd999a3a49 bind-sdb-9.4.2-3.fc7.ppc.rpm
964555c1f52a8d4a7f6a091a25e383f5f7eb5004 bind-chroot-9.4.2-3.fc7.ppc.rpm
f42e929110b650052e4d38b4b657c1a5ee6f5920 caching-nameserver-9.4.2-3.fc7.ppc.rpm
cb4ea5dfa9ee8cc3a05ab5a4902db109bcbeeefe bind-devel-9.4.2-3.fc7.ppc.rpm
5ca825eff123b1d0e8ebc84c10bfec017d91d0b8 bind-utils-9.4.2-3.fc7.ppc.rpm
eb9f3f7d45f661bd412b821bda01b0b320b861ab bind-libs-9.4.2-3.fc7.ppc.rpm
422365265dcef3597dd2c6fd7b01f1f522a70cb7 bind-9.4.2-3.fc7.ppc.rpm
6c8fb790f26c30ff4d977a30301346f494a12801 bind-9.4.2-3.fc7.src.rpm

fb5244aefc6d70ba5e93a3ac3acf32714ef2fc5b bind-debuginfo-9.5.0-23.b1.fc8.ppc64.rpm
60debb2788f9457a5cedd3c6e653f9b686f1571e bind-chroot-9.5.0-23.b1.fc8.ppc64.rpm
8d01da352038f28e51b48a3a5688565d7733b5f9 bind-devel-9.5.0-23.b1.fc8.ppc64.rpm
82d201cb452c62db6a7a396ad025dc3f30ac2f5a bind-utils-9.5.0-23.b1.fc8.ppc64.rpm
efa2bbaa07ba73e3e57dad5f043fb54b88f83b19 bind-libs-9.5.0-23.b1.fc8.ppc64.rpm
65a260c4d44785e19fecd77cd2d75bd4aedc7c9d bind-sdb-9.5.0-23.b1.fc8.ppc64.rpm
c3a1f2cbef18927f9e83cb0f8a2b912e61d1579f bind-9.5.0-23.b1.fc8.ppc64.rpm
910129012e770e6ad5445f431cafed72fdc85c23 bind-debuginfo-9.5.0-23.b1.fc8.i386.rpm
8a277f18d163eee3e70a8d8fae0e7946078f62d6 bind-chroot-9.5.0-23.b1.fc8.i386.rpm
aff534e0833fb10f66b72dc0709d9cc7964a3637 bind-devel-9.5.0-23.b1.fc8.i386.rpm
37aefb7f35fe112974b29f14fd323f7c566e4b6c bind-utils-9.5.0-23.b1.fc8.i386.rpm
d3c7f6e3115537d44471f5797a7a971e6792cf6a bind-libs-9.5.0-23.b1.fc8.i386.rpm
6639746ca6bbb4fb7e6887cdfb76318e8ae83eff bind-sdb-9.5.0-23.b1.fc8.i386.rpm
804514179af1af13647687e3a6d165b4b0c01772 bind-9.5.0-23.b1.fc8.i386.rpm
92b30fe2e271fe95d476e172cb7b772e5306b352 bind-sdb-9.5.0-23.b1.fc8.x86_64.rpm
cedbdafe1bde3430c017cf775565946a3cd683d2 bind-9.5.0-23.b1.fc8.x86_64.rpm
9ed1bd945891b5f6d86ef9f1fc9f1244aa1515df bind-debuginfo-9.5.0-23.b1.fc8.x86_64.rpm
2f6aef22420c5dcdb121d71f854e3e95d7c57ee1 bind-devel-9.5.0-23.b1.fc8.x86_64.rpm
ed2742ebc4c06295b24f1e23b00f22d63270fb52 bind-utils-9.5.0-23.b1.fc8.x86_64.rpm
ceb43c573a915689c949565c816560dcc6f96e4a bind-libs-9.5.0-23.b1.fc8.x86_64.rpm
4a87657f8d8ba57eee12c3f32081f86b495f2891 bind-chroot-9.5.0-23.b1.fc8.x86_64.rpm
175460a553be00f10750494ef3967db2ee384ff6 bind-debuginfo-9.5.0-23.b1.fc8.ppc.rpm
4b78bf1aa4ce691bba29e4ec6303bf735be3cc5a bind-chroot-9.5.0-23.b1.fc8.ppc.rpm
247b97d9125c58e8fe393665ecc052d24b486830 bind-devel-9.5.0-23.b1.fc8.ppc.rpm
402fc98b7534f16b7c953ae24c0403445cc60370 bind-utils-9.5.0-23.b1.fc8.ppc.rpm
b462349332ec8933e8f2009091976bfc171a42e0 bind-libs-9.5.0-23.b1.fc8.ppc.rpm
76e0010bf14db7b2c759232730bafdf44419f007 bind-sdb-9.5.0-23.b1.fc8.ppc.rpm
d879ca6484ea44cc6d923276e50132ed498f8973 bind-9.5.0-23.b1.fc8.ppc.rpm
6f9947ad1dd5ad1d1c3d4f3cf850ccf030851f24 bind-9.5.0-23.b1.fc8.src.rpm

ChangeLog

2008-01-23 : Initial release

Vulnerability Management

Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.

Mailinglist

	Apple Mac OS X Code Execution and Security Bypass Vulnerabilities
	Apple iPhone and iPod touch Multiple Code Execution Vulnerabilities
	Apple Xcode Code Execution and Information Disclosure Vulnerabilities
	Apple TV Data Processing Remote Code Execution Vulnerabilities
	Apple Mac OS X Command Execution and Security Bypass Issues
	Apple Safari for Mac OS X Remote Code Execution Vulnerability
	Apple Mac OS X ARDAgent Local Privilege Escalation Vulnerability

	Cisco Products Remote DNS Cache Poisoning Vulnerability
	Cisco Wide Area Application Services CUPS Remote Vulnerability
	Cisco UCM Denial of Service and Authentication Bypass Vulnerabilities
	Cisco Intrusion Prevention System Jumbo Frame Vulnerability
	Cisco VPN Client Deterministic Network Enhancer Privilege Escalation
	Cisco Products SNMPv3 Authentication Packets Vulnerabilities
	Cisco PIX and ASA Security Bypass and Denial of Service

	Sun Solaris Covert Channel Local Security Bypass Vulnerability
	Sun Solaris NFS RPC Zone Denial of Service Vulnerability
	Sun Solaris NFS Kernel Module Local Denial of Service Vulnerability
	Sun Solaris NFSv4 Client Kernel Module Denial of Service Vulnerability
	Sun Java System Portal Server Cross Site Scripting Vulnerability
	Sun rdesktop Code Execution and Denial of Service
	Sun Java System Web Proxy Server Denial of Service Vulnerability