Vulnerability Description
Heap-based buffer overflow in the SPF_dns_resolv_lookup function in Spf_dns_resolv.c in libspf2 before 1.2.8 allows remote attackers to execute arbitrary code via a long DNS TXT record with a modified length field.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Libspf | Libspf2 | <= 1.2.7 |
Related Weaknesses (CWE)
References
- http://bugs.gentoo.org/show_bug.cgi?format=multiple&id=242254
- http://secunia.com/advisories/32396
- http://secunia.com/advisories/32450
- http://secunia.com/advisories/32496 (Vendor Advisory)
- http://secunia.com/advisories/32720
- http://security.gentoo.org/glsa/glsa-200810-03.xml
- http://securityreason.com/securityalert/4487
- http://up2date.astaro.com/2008/11/up2date_7305_released.html
- http://www.debian.org/security/2008/dsa-1659
- http://www.doxpara.com/?p=1263
- http://www.doxpara.com/?page_id=1256
- http://www.kb.cert.org/vuls/id/183657 (US Government Resource)
- http://www.securityfocus.com/bid/31881 (Exploit, Patch)
- http://www.vupen.com/english/advisories/2008/2896
- https://answers.launchpad.net/ubuntu/gutsy/+source/libspf2/1.2.5.dfsg-4ubuntu0.7
FAQ
What is CVE-2008-2469?
CVE-2008-2469 is a vulnerability with a CVSS score of 10.0 (HIGH). Heap-based buffer overflow in the SPF_dns_resolv_lookup function in Spf_dns_resolv.c in libspf2 before 1.2.8 allows remote attackers to execute arbitrary code via a long DNS TXT record with a modified...
How severe is CVE-2008-2469?
CVE-2008-2469 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2008-2469?
Check the references section above for vendor advisories and patch information. Affected products include: Libspf Libspf2.