PT-2008-1777 · Freebsd+2 · Freebsd+3

Adam Tkac

Published

2008-01-16

Updated

2019-08-01

CVE-2008-0122

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions ISC BIND versions 9.4.2 and earlier FreeBSD versions 6.2 through 7.0-PRERELEASE

Description The issue is caused by an off-by-one error in the inet network function in libbind in ISC BIND, which can lead to a denial of service (crash) and potentially allow execution of arbitrary code via crafted input that triggers memory corruption.

Recommendations For ISC BIND versions 9.4.2 and earlier, update to a version later than 9.4.2 to resolve the issue. For FreeBSD versions 6.2 through 7.0-PRERELEASE, consider upgrading to a newer version of FreeBSD that incorporates the fix for the inet network function in libbind.

Fix

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-189

Related Identifiers

CVE-2008-0122

RHSA-2008:0300

RHSA-2008_0300

Affected Products

Freebsd

Isc Bind

Red Hat

Libbind

PT-2008-1777 · Freebsd+2 · Freebsd+3

CVE-2008-0122

Weakness Enumeration

Related Identifiers

Affected Products

References · 38