CVE-2008-2469

Heap-based buffer overflow in the SPF_dns_resolv_lookup function in Spf_dns_resolv.c in libspf2 before 1.2.8 allows remote attackers to execute arbitrary code via a long DNS TXT record with a modified length field.

🔗 References (36)

• cret@certhttp://bugs.gentoo.org/show_bug.cgi?format=multiple&id=242254
• cret@certhttp://secunia.com/advisories/32396
• cret@certhttp://secunia.com/advisories/32450
• cret@certhttp://secunia.com/advisories/32496
• cret@certhttp://secunia.com/advisories/32720
• cret@certhttp://security.gentoo.org/glsa/glsa-200810-03.xml
• cret@certhttp://securityreason.com/securityalert/4487
• cret@certhttp://up2date.astaro.com/2008/11/up2date_7305_released.html
• cret@certhttp://www.debian.org/security/2008/dsa-1659
• cret@certhttp://www.doxpara.com/?p=1263
• cret@certhttp://www.doxpara.com/?page_id=1256
• cret@certhttp://www.kb.cert.org/vuls/id/183657
• cret@certhttp://www.securityfocus.com/bid/31881
• cret@certhttp://www.vupen.com/english/advisories/2008/2896
• cret@certhttps://answers.launchpad.net/ubuntu/gutsy/+source/libspf2/1.2.5.dfsg-4ubuntu0.7.10.1