Executive Summary



This alert is flagged under the CWE/SANS Top 25 Common Weakness Enumeration.
Summary
Title: inet_network() off-by-one buffer overflow
Information
Name: VU#203611
First vendor publication: 2008-01-25
Vendor: VU-CERT
Last vendor modification: 2008-01-31
Severity (Vendor): N/A
Revision: M

Security-Database Scoring CVSS v3

CVSS vector: N/A
Overall CVSS score: NA
Base score: NA
Environmental score: NA
Impact subscore: NA
Temporal score: NA
Exploitability subscore: NA

Security-Database Scoring CVSS v2

CVSS vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS base score: 10
Attack range: Network
CVSS impact score: 10
Attack complexity: Low
CVSS exploit score: 10
Authentication: None Required

Detail

Vulnerability Note VU#203611

inet_network() off-by-one buffer overflow

Overview

The inet_network() resolver function contains an off-by-one buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.

I. Description

The inet_network() function takes a character string representation for an internet address and returns the internet network number in integer form. inet_network() is implemented by various libbind, libc, and GNU libc versions. Applications that link against a vulnerable version of inet_network() may be vulnerable to a one-byte overflow.
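To make the bug class concrete, the following is a simplified model of a dotted network-number parser, added here as an example; it is not the libbind, glibc or FreeBSD source. The names parse_net, check_vulnerable and check_fixed and the max_dots parameter are hypothetical, only decimal parts are accepted, and the model reports the one-element overrun instead of performing it.

```c
#include <ctype.h>
#include <stddef.h>

#define NPARTS 4   /* a network number has at most four dot-separated parts */

/* Hypothetical model parser. max_dots is how many '.' separators the loop
 * tolerates before rejecting: NPARTS models the off-by-one bound,
 * NPARTS - 1 is the correct bound.
 * Returns 0 on success, -1 on rejected input, and 1 when the final store
 * would land one element past the end of parts[]. */
static int parse_net(const char *cp, size_t max_dots, unsigned long *out)
{
    unsigned long parts[NPARTS] = {0};
    size_t n = 0;              /* index of the next part to store */
    unsigned long val = 0;
    int digits = 0;            /* saw at least one digit in the current part */

    for (;; cp++) {
        if (isdigit((unsigned char)*cp)) {
            val = val * 10 + (unsigned long)(*cp - '0');
            if (val > 0xff) return -1;          /* each part is one octet */
            digits = 1;
        } else if (*cp == '.') {
            if (!digits || n >= max_dots) return -1;
            parts[n++] = val;                   /* store a part before the dot */
            val = 0;
            digits = 0;
        } else {
            break;
        }
    }
    if (*cp != '\0' || !digits) return -1;      /* trailing junk or empty part */
    if (n >= NPARTS) return 1;                  /* store below would hit parts[NPARTS] */
    parts[n++] = val;                           /* the store after the last dot */

    *out = 0;
    for (size_t i = 0; i < n; i++)              /* pack parts, most significant first */
        *out = (*out << 8) | parts[i];
    return 0;
}

/* Off-by-one bound: a fifth part reaches the final store. */
int check_vulnerable(const char *s, unsigned long *out) { return parse_net(s, NPARTS, out); }
/* Corrected bound: a fourth dot is rejected before any further store. */
int check_fixed(const char *s, unsigned long *out) { return parse_net(s, NPARTS - 1, out); }
```

The point of the model is that the loop's bound has to account for the store that happens after the loop, which is why the corrected limit is one less than the array size.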

II. Impact

A remote, unauthenticated attacker may be able to execute arbitrary code or cause a denial of service on a vulnerable system.

III. Solution

Apply an update

    FreeBSD libc - Apply the patch in FreeBSD Security Advisory FreeBSD-SA-08:02.libc
    GNU libc - This issue was resolved on February 11, 2000 in the main (diff) and glibc 2.1 (diff) branches
    libbind - This issue will be resolved in libbind 9.3.5, 9.4.3, 2.5.0b2, or later. A patch is also available in the ISC Advisory


Systems Affected

Vendor | Status | Date Updated
Apple Computer, Inc. | Not Vulnerable | 25-Jan-2008
BlueCat Networks, Inc. | Unknown | 17-Jan-2008
CentOS | Unknown | 17-Jan-2008
Check Point Software Technologies | Unknown | 17-Jan-2008
Conectiva Inc. | Unknown | 17-Jan-2008
Cray Inc. | Unknown | 17-Jan-2008
Debian GNU/Linux | Unknown | 21-Jan-2008
EMC Corporation | Unknown | 17-Jan-2008
Engarde Secure Linux | Unknown | 17-Jan-2008
F5 Networks, Inc. | Unknown | 17-Jan-2008
Fedora Project | Unknown | 17-Jan-2008
FreeBSD, Inc. | Vulnerable | 25-Jan-2008
Fujitsu | Unknown | 17-Jan-2008
Gentoo Linux | Unknown | 17-Jan-2008
Gnu ADNS | Unknown | 17-Jan-2008
GNU glibc | Vulnerable | 25-Jan-2008
Hewlett-Packard Company | Not Vulnerable | 31-Jan-2008
Hitachi | Unknown | 17-Jan-2008
IBM Corporation | Unknown | 17-Jan-2008
IBM Corporation (zseries) | Unknown | 17-Jan-2008
IBM eServer | Unknown | 17-Jan-2008
Infoblox | Not Vulnerable | 31-Jan-2008
Ingrian Networks, Inc. | Not Vulnerable | 29-Jan-2008
Internet Software Consortium | Unknown | 10-Dec-2007
Juniper Networks, Inc. | Unknown | 17-Jan-2008
Lucent Technologies | Unknown | 17-Jan-2008
Mandriva, Inc. | Not Vulnerable | 21-Jan-2008
Men & Mice | Unknown | 17-Jan-2008
Metasolv Software, Inc. | Unknown | 17-Jan-2008
Microsoft Corporation | Not Vulnerable | 18-Jan-2008
MontaVista Software, Inc. | Unknown | 17-Jan-2008
NEC Corporation | Unknown | 17-Jan-2008
NetBSD | Unknown | 17-Jan-2008
Nortel Networks, Inc. | Unknown | 17-Jan-2008
Novell, Inc. | Unknown | 17-Jan-2008
OpenBSD | Vulnerable | 21-Jan-2008
Openwall GNU/*/Linux | Unknown | 17-Jan-2008
QNX, Software Systems, Inc. | Unknown | 17-Jan-2008
Red Hat, Inc. | Unknown | 17-Jan-2008
Shadowsupport | Unknown | 17-Jan-2008
Silicon Graphics, Inc. | Unknown | 17-Jan-2008
Slackware Linux Inc. | Unknown | 17-Jan-2008
Sony Corporation | Unknown | 17-Jan-2008
Sun Microsystems, Inc. | Unknown | 17-Jan-2008
SUSE Linux | Unknown | 17-Jan-2008
The SCO Group | Unknown | 17-Jan-2008
Trustix Secure Linux | Unknown | 17-Jan-2008
Turbolinux | Unknown | 17-Jan-2008
Ubuntu | Unknown | 17-Jan-2008
Unisys | Unknown | 17-Jan-2008
Wind River Systems, Inc. | Unknown | 17-Jan-2008

References


http://security.freebsd.org/advisories/FreeBSD-SA-08:02.libc.asc
http://sourceware.org/cgi-bin/cvsweb.cgi/libc/inet/inet_net.c.diff?r1=1.6.2.1&r2=1.6.2.2&cvsroot=glibc&f=h
http://sourceware.org/cgi-bin/cvsweb.cgi/libc/inet/inet_net.c.diff?r1=1.8&r2=1.9&cvsroot=glibc&f=h
http://www.securityfocus.com/bid/27283
http://securitytracker.com/alerts/2008/Jan/1019189.html
http://secunia.com/advisories/28367
http://xforce.iss.net/xforce/xfdb/39670

Credit

Thanks to Mark Andrews of ISC for reporting this vulnerability.

This document was written by Will Dormann.

Other Information

Date Public: 12/10/2007
Date First Published: 01/25/2008 01:35:01 PM
Date Last Updated: 01/31/2008
CERT Advisory:
CVE Name: CVE-2008-0122
US-CERT Technical Alerts:
Metric: 0.76
Document Revision: 12

Original Source

Url : http://www.kb.cert.org/vuls/id/203611

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-189 Numeric Errors (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10190
 
Oval ID: oval:org.mitre.oval:def:10190
Title: Off-by-one error in the inet_network function in libbind in ISC BIND 9.4.2 and earlier, as used in libc in FreeBSD 6.2 through 7.0-PRERELEASE, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted input that triggers memory corruption.
Description: Off-by-one error in the inet_network function in libbind in ISC BIND 9.4.2 and earlier, as used in libc in FreeBSD 6.2 through 7.0-PRERELEASE, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted input that triggers memory corruption.
Family: unix Class: vulnerability
Reference(s): CVE-2008-0122
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22620
 
Oval ID: oval:org.mitre.oval:def:22620
Title: ELSA-2008:0300: bind security, bug fix, and enhancement update (Moderate)
Description: Off-by-one error in the inet_network function in libbind in ISC BIND 9.4.2 and earlier, as used in libc in FreeBSD 6.2 through 7.0-PRERELEASE, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted input that triggers memory corruption.
Family: unix Class: patch
Reference(s): ELSA-2008:0300-02
CVE-2007-6283
CVE-2008-0122
Version: 13
Platform(s): Oracle Linux 5
Product(s): bind
Definition Synopsis:

CPE : Common Platform Enumeration

Type | Description | Count
Application | | 231

OpenVAS Exploits

Date Description
2009-10-10 Name : SLES9: Security update for bind
File : nvt/sles9p5022113.nasl
2009-06-03 Name : Solaris Update for /usr/4lib/libc.so.x.9 and libdbm 109152-03
File : nvt/gb_solaris_109152_03.nasl
2009-06-03 Name : Solaris Update for libresolv.so.2, in.named and BIND9 109326-24
File : nvt/gb_solaris_109326_24.nasl
2009-06-03 Name : Solaris Update for libsocket 111327-06
File : nvt/gb_solaris_111327_06.nasl
2009-06-03 Name : Solaris Update for libsocket 111328-05
File : nvt/gb_solaris_111328_05.nasl
2009-06-03 Name : Solaris Update for libc 112874-45
File : nvt/gb_solaris_112874_45.nasl
2009-06-03 Name : Solaris Update for libc.so.1.9 138387-01
File : nvt/gb_solaris_138387_01.nasl
2009-03-06 Name : RedHat Update for bind RHSA-2008:0300-02
File : nvt/gb_RHSA-2008_0300-02_bind.nasl
2009-02-17 Name : Fedora Update for bind FEDORA-2008-0903
File : nvt/gb_fedora_2008_0903_bind_fc8.nasl
2009-02-17 Name : Fedora Update for bind FEDORA-2008-0904
File : nvt/gb_fedora_2008_0904_bind_fc7.nasl
2009-02-17 Name : Fedora Update for bind FEDORA-2008-6281
File : nvt/gb_fedora_2008_6281_bind_fc8.nasl
2008-09-04 Name : FreeBSD Security Advisory (FreeBSD-SA-08:02.libc.asc)
File : nvt/freebsdsa_libc.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
41211 ISC BIND libbind inet_network() Function Off-By-One Memory Corruption

40811 FreeBSD libc inet_network() Function Off-By-One Memory Corruption DoS

Nessus® Vulnerability Scanner

Date Description
2017-04-21 Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2017-0066.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20080521_bind_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12060.nasl - Type : ACT_GATHER_INFO
2008-07-10 Name : The remote Fedora host is missing a security update.
File : fedora_2008-6281.nasl - Type : ACT_GATHER_INFO
2008-06-18 Name : The remote host is missing Sun Security Patch number 111327-06
File : solaris8_111327.nasl - Type : ACT_GATHER_INFO
2008-06-18 Name : The remote host is missing Sun Security Patch number 111328-05
File : solaris8_x86_111328.nasl - Type : ACT_GATHER_INFO
2008-05-22 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0300.nasl - Type : ACT_GATHER_INFO
2008-03-13 Name : The remote openSUSE host is missing a security update.
File : suse_bind-4931.nasl - Type : ACT_GATHER_INFO
2008-03-13 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_bind-4932.nasl - Type : ACT_GATHER_INFO
2008-01-27 Name : The remote Fedora host is missing a security update.
File : fedora_2008-0903.nasl - Type : ACT_GATHER_INFO
2008-01-27 Name : The remote Fedora host is missing a security update.
File : fedora_2008-0904.nasl - Type : ACT_GATHER_INFO
2004-07-12 Name : The remote host is missing Sun Security Patch number 109152-03
File : solaris8_109152.nasl - Type : ACT_GATHER_INFO
2004-07-12 Name : The remote host is missing Sun Security Patch number 109326-24
File : solaris8_109326.nasl - Type : ACT_GATHER_INFO
2004-07-12 Name : The remote host is missing Sun Security Patch number 109327-24
File : solaris8_x86_109327.nasl - Type : ACT_GATHER_INFO