Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title Sun Alert 238493 Security Vulnerability in inet_network() Library Routine May Allow Denial of Service (DoS) to Applications
Informations
Name SUN-238493 First vendor Publication 2008-06-04
Vendor Sun Last vendor Modification 2010-01-20
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Product: Solaris 8, Solaris 9, Solaris 10, OpenSolaris

An off-by-one buffer overflow in the inet_network() library function,
defined in the libsocket(3LIB), libresolv(3LIB), and the SunOS 4.x binary
compatibility libraries libc.so.1.9 and libc.so.2.9 in Solaris, may affect
applications which make use of this routine. Depending on the
application, this may allow a local or remote unprivileged user to crash
the application using the inet_network() routine (which is a type of
Denial of Service).This issue is also referenced in the following document:

CVE-2008-0122 at

http://www.security-database.com/detail.php?cve=CVE-2008-0122
State: Resolved
First released: 04-Jun-2008

Original Source

Url : http://blogs.sun.com/security/entry/sun_alert_238493_security_vulnerability

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-189 Numeric Errors (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10190
 
Oval ID: oval:org.mitre.oval:def:10190
Title: Off-by-one error in the inet_network function in libbind in ISC BIND 9.4.2 and earlier, as used in libc in FreeBSD 6.2 through 7.0-PRERELEASE, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted input that triggers memory corruption.
Description: Off-by-one error in the inet_network function in libbind in ISC BIND 9.4.2 and earlier, as used in libc in FreeBSD 6.2 through 7.0-PRERELEASE, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted input that triggers memory corruption.
Family: unix Class: vulnerability
Reference(s): CVE-2008-0122
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22620
 
Oval ID: oval:org.mitre.oval:def:22620
Title: ELSA-2008:0300: bind security, bug fix, and enhancement update (Moderate)
Description: Off-by-one error in the inet_network function in libbind in ISC BIND 9.4.2 and earlier, as used in libc in FreeBSD 6.2 through 7.0-PRERELEASE, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted input that triggers memory corruption.
Family: unix Class: patch
Reference(s): ELSA-2008:0300-02
CVE-2007-6283
CVE-2008-0122
Version: 13
Platform(s): Oracle Linux 5
Product(s): bind
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 229

OpenVAS Exploits

Date Description
2009-10-10 Name : SLES9: Security update for bind
File : nvt/sles9p5022113.nasl
2009-06-03 Name : Solaris Update for /usr/4lib/libc.so.x.9 and libdbm 109152-03
File : nvt/gb_solaris_109152_03.nasl
2009-06-03 Name : Solaris Update for libresolv.so.2, in.named and BIND9 109326-24
File : nvt/gb_solaris_109326_24.nasl
2009-06-03 Name : Solaris Update for libsocket 111327-06
File : nvt/gb_solaris_111327_06.nasl
2009-06-03 Name : Solaris Update for libsocket 111328-05
File : nvt/gb_solaris_111328_05.nasl
2009-06-03 Name : Solaris Update for libc 112874-45
File : nvt/gb_solaris_112874_45.nasl
2009-06-03 Name : Solaris Update for libc.so.1.9 138387-01
File : nvt/gb_solaris_138387_01.nasl
2009-03-06 Name : RedHat Update for bind RHSA-2008:0300-02
File : nvt/gb_RHSA-2008_0300-02_bind.nasl
2009-02-17 Name : Fedora Update for bind FEDORA-2008-0903
File : nvt/gb_fedora_2008_0903_bind_fc8.nasl
2009-02-17 Name : Fedora Update for bind FEDORA-2008-0904
File : nvt/gb_fedora_2008_0904_bind_fc7.nasl
2009-02-17 Name : Fedora Update for bind FEDORA-2008-6281
File : nvt/gb_fedora_2008_6281_bind_fc8.nasl
2008-09-04 Name : FreeBSD Security Advisory (FreeBSD-SA-08:02.libc.asc)
File : nvt/freebsdsa_libc.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
41211 ISC BIND libbind inet_network() Function Off-By-One Memory Corruption

40811 FreeBSD libc inet_network() Function Off-By-One Memory Corruption DoS

Nessus® Vulnerability Scanner

Date Description
2017-04-21 Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2017-0066.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20080521_bind_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12060.nasl - Type : ACT_GATHER_INFO
2008-07-10 Name : The remote Fedora host is missing a security update.
File : fedora_2008-6281.nasl - Type : ACT_GATHER_INFO
2008-06-18 Name : The remote host is missing Sun Security Patch number 111327-06
File : solaris8_111327.nasl - Type : ACT_GATHER_INFO
2008-06-18 Name : The remote host is missing Sun Security Patch number 111328-05
File : solaris8_x86_111328.nasl - Type : ACT_GATHER_INFO
2008-05-22 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0300.nasl - Type : ACT_GATHER_INFO
2008-03-13 Name : The remote openSUSE host is missing a security update.
File : suse_bind-4931.nasl - Type : ACT_GATHER_INFO
2008-03-13 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_bind-4932.nasl - Type : ACT_GATHER_INFO
2008-01-27 Name : The remote Fedora host is missing a security update.
File : fedora_2008-0903.nasl - Type : ACT_GATHER_INFO
2008-01-27 Name : The remote Fedora host is missing a security update.
File : fedora_2008-0904.nasl - Type : ACT_GATHER_INFO
2004-07-12 Name : The remote host is missing Sun Security Patch number 109152-03
File : solaris8_109152.nasl - Type : ACT_GATHER_INFO
2004-07-12 Name : The remote host is missing Sun Security Patch number 109326-24
File : solaris8_109326.nasl - Type : ACT_GATHER_INFO
2004-07-12 Name : The remote host is missing Sun Security Patch number 109327-24
File : solaris8_x86_109327.nasl - Type : ACT_GATHER_INFO