CVE-2008-2469 - Vulnerability Details - OpenCVE

Heap-based buffer overflow in the SPF_dns_resolv_lookup function in Spf_dns_resolv.c in libspf2 before 1.2.8 allows remote attackers to execute arbitrary code via a long DNS TXT record with a modified length field.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Libspf	Libspf2

Configuration 1 [-]

OR	cpe:2.3:a:libspf:libspf2::::::::
	cpe:2.3:a:libspf:libspf2:1.0.2:::::::*
	cpe:2.3:a:libspf:libspf2:1.0.3:::::::*
	cpe:2.3:a:libspf:libspf2:1.0.4:::::::*
	cpe:2.3:a:libspf:libspf2:1.2.1:::::::*
	cpe:2.3:a:libspf:libspf2:1.2.3:::::::*
	cpe:2.3:a:libspf:libspf2:1.2.4:::::::*
	cpe:2.3:a:libspf:libspf2:1.2.5:::::::*
	cpe:2.3:a:libspf:libspf2:1.2.6:::::::*

No data.

References

Link	Providers
http://bugs.gentoo.org/show_bug.cgi?format=multiple&id=242254
http://secunia.com/advisories/32396
http://secunia.com/advisories/32450
http://secunia.com/advisories/32496
http://secunia.com/advisories/32720
http://security.gentoo.org/glsa/glsa-200810-03.xml
http://securityreason.com/securityalert/4487
http://up2date.astaro.com/2008/11/up2date_7305_released.html
http://www.debian.org/security/2008/dsa-1659
http://www.doxpara.com/?p=1263
http://www.doxpara.com/?page_id=1256
http://www.kb.cert.org/vuls/id/183657
http://www.securityfocus.com/bid/31881
http://www.vupen.com/english/advisories/2008/2896
https://answers.launchpad.net/ubuntu/gutsy/+source/libspf2/1.2.5.dfsg-4ubuntu0.7.10.1
https://bugs.launchpad.net/ubuntu/feisty/+source/libspf2/+bug/271025
https://exchange.xforce.ibmcloud.com/vulnerabilities/46055
https://www.exploit-db.com/exploits/6805

History

No history.

MITRE

Status: PUBLISHED

Assigner: certcc

Published: 2008-10-23T21:00:00

Updated: 2024-08-07T09:05:29.909Z

Reserved: 2008-05-28T00:00:00

Link: CVE-2008-2469

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2008-10-23T22:00:01.073

Modified: 2025-04-09T00:30:58.490

Link: CVE-2008-2469

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-10-21T00:00:00", "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in the SPF_dns_resolv_lookup function in Spf_dns_resolv.c in libspf2 before 1.2.8 allows remote attackers to execute arbitrary code via a long DNS TXT record with a modified length field."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-28T12:57:01", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc"}, "references": [{"name": "32720", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/32720"}, {"name": "6805", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/6805"}, {"name": "32396", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/32396"}, {"name": "31881", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/31881"}, {"name": "4487", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/4487"}, {"name": "libspf2-dnstxtrecord-bo(46055)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46055"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://answers.launchpad.net/ubuntu/gutsy/+source/libspf2/1.2.5.dfsg-4ubuntu0.7.10.1"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://up2date.astaro.com/2008/11/up2date_7305_released.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugs.gentoo.org/show_bug.cgi?format=multiple&id=242254"}, {"name": "DSA-1659", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2008/dsa-1659"}, {"name": "ADV-2008-2896", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/2896"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.launchpad.net/ubuntu/feisty/+source/libspf2/+bug/271025"}, {"tags": ["x_refsource_MISC"], "url": "http://www.doxpara.com/?page_id=1256"}, {"tags": ["x_refsource_MISC"], "url": "http://www.doxpara.com/?p=1263"}, {"name": "GLSA-200810-03", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-200810-03.xml"}, {"name": "VU#183657", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/183657"}, {"name": "32496", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/32496"}, {"name": "32450", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/32450"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cert@cert.org", "ID": "CVE-2008-2469", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Heap-based buffer overflow in the SPF_dns_resolv_lookup function in Spf_dns_resolv.c in libspf2 before 1.2.8 allows remote attackers to execute arbitrary code via a long DNS TXT record with a modified length field."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "32720", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32720"}, {"name": "6805", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/6805"}, {"name": "32396", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32396"}, {"name": "31881", "refsource": "BID", "url": "http://www.securityfocus.com/bid/31881"}, {"name": "4487", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/4487"}, {"name": "libspf2-dnstxtrecord-bo(46055)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46055"}, {"name": "https://answers.launchpad.net/ubuntu/gutsy/+source/libspf2/1.2.5.dfsg-4ubuntu0.7.10.1", "refsource": "CONFIRM", "url": "https://answers.launchpad.net/ubuntu/gutsy/+source/libspf2/1.2.5.dfsg-4ubuntu0.7.10.1"}, {"name": "http://up2date.astaro.com/2008/11/up2date_7305_released.html", "refsource": "CONFIRM", "url": "http://up2date.astaro.com/2008/11/up2date_7305_released.html"}, {"name": "http://bugs.gentoo.org/show_bug.cgi?format=multiple&id=242254", "refsource": "CONFIRM", "url": "http://bugs.gentoo.org/show_bug.cgi?format=multiple&id=242254"}, {"name": "DSA-1659", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1659"}, {"name": "ADV-2008-2896", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/2896"}, {"name": "https://bugs.launchpad.net/ubuntu/feisty/+source/libspf2/+bug/271025", "refsource": "CONFIRM", "url": "https://bugs.launchpad.net/ubuntu/feisty/+source/libspf2/+bug/271025"}, {"name": "http://www.doxpara.com/?page_id=1256", "refsource": "MISC", "url": "http://www.doxpara.com/?page_id=1256"}, {"name": "http://www.doxpara.com/?p=1263", "refsource": "MISC", "url": "http://www.doxpara.com/?p=1263"}, {"name": "GLSA-200810-03", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200810-03.xml"}, {"name": "VU#183657", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/183657"}, {"name": "32496", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32496"}, {"name": "32450", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32450"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T09:05:29.909Z"}, "title": "CVE Program Container", "references": [{"name": "32720", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/32720"}, {"name": "6805", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/6805"}, {"name": "32396", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/32396"}, {"name": "31881", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/31881"}, {"name": "4487", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/4487"}, {"name": "libspf2-dnstxtrecord-bo(46055)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46055"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://answers.launchpad.net/ubuntu/gutsy/+source/libspf2/1.2.5.dfsg-4ubuntu0.7.10.1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://up2date.astaro.com/2008/11/up2date_7305_released.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://bugs.gentoo.org/show_bug.cgi?format=multiple&id=242254"}, {"name": "DSA-1659", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2008/dsa-1659"}, {"name": "ADV-2008-2896", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/2896"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugs.launchpad.net/ubuntu/feisty/+source/libspf2/+bug/271025"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.doxpara.com/?page_id=1256"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.doxpara.com/?p=1263"}, {"name": "GLSA-200810-03", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://security.gentoo.org/glsa/glsa-200810-03.xml"}, {"name": "VU#183657", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/183657"}, {"name": "32496", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/32496"}, {"name": "32450", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/32450"}]}]}, "cveMetadata": {"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2008-2469", "datePublished": "2008-10-23T21:00:00", "dateReserved": "2008-05-28T00:00:00", "dateUpdated": "2024-08-07T09:05:29.909Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libspf:libspf2:*:*:*:*:*:*:*:*", "matchCriteriaId": "D84281EF-A1B8-43C1-B1EA-1AA3D6EFF71C", "versionEndIncluding": "1.2.7", "vulnerable": true}, {"criteria": "cpe:2.3:a:libspf:libspf2:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "6916DA20-4EAE-4AB7-B0D8-8E711DA87D9B", "vulnerable": true}, {"criteria": "cpe:2.3:a:libspf:libspf2:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "9B66D6DC-EB51-48A0-B157-70962F05DC6F", "vulnerable": true}, {"criteria": "cpe:2.3:a:libspf:libspf2:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "E9927C3A-B001-4B95-A65C-8C86449E71F2", "vulnerable": true}, {"criteria": "cpe:2.3:a:libspf:libspf2:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "B857F114-B720-493C-8E57-965D1C56C550", "vulnerable": true}, {"criteria": "cpe:2.3:a:libspf:libspf2:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "66AFDC69-65BE-477A-A9E5-1B7C51E120EE", "vulnerable": true}, {"criteria": "cpe:2.3:a:libspf:libspf2:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "8A115543-F06C-4C45-97BE-62A603AD6FD5", "vulnerable": true}, {"criteria": "cpe:2.3:a:libspf:libspf2:1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "5A946E9A-F440-4772-9939-553A883FEE6A", "vulnerable": true}, {"criteria": "cpe:2.3:a:libspf:libspf2:1.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "0FF0F5AF-854F-4270-A33B-0D7B06E83639", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in the SPF_dns_resolv_lookup function in Spf_dns_resolv.c in libspf2 before 1.2.8 allows remote attackers to execute arbitrary code via a long DNS TXT record with a modified length field."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer basado en mont\u00edculo en la funci\u00f3n SPF_dns_resolv_lookup en Spf_dns_resolv.c en libspf2 antes de 1.2.8 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante un archivo DNS TXT largo con un campo longitud modificado."}], "id": "CVE-2008-2469", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-10-23T22:00:01.073", "references": [{"source": "cret@cert.org", "url": "http://bugs.gentoo.org/show_bug.cgi?format=multiple&id=242254"}, {"source": "cret@cert.org", "url": "http://secunia.com/advisories/32396"}, {"source": "cret@cert.org", "url": "http://secunia.com/advisories/32450"}, {"source": "cret@cert.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/32496"}, {"source": "cret@cert.org", "url": "http://secunia.com/advisories/32720"}, {"source": "cret@cert.org", "url": "http://security.gentoo.org/glsa/glsa-200810-03.xml"}, {"source": "cret@cert.org", "url": "http://securityreason.com/securityalert/4487"}, {"source": "cret@cert.org", "url": "http://up2date.astaro.com/2008/11/up2date_7305_released.html"}, {"source": "cret@cert.org", "url": "http://www.debian.org/security/2008/dsa-1659"}, {"source": "cret@cert.org", "url": "http://www.doxpara.com/?p=1263"}, {"source": "cret@cert.org", "url": "http://www.doxpara.com/?page_id=1256"}, {"source": "cret@cert.org", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/183657"}, {"source": "cret@cert.org", "tags": ["Exploit", "Patch"], "url": "http://www.securityfocus.com/bid/31881"}, {"source": "cret@cert.org", "url": "http://www.vupen.com/english/advisories/2008/2896"}, {"source": "cret@cert.org", "url": "https://answers.launchpad.net/ubuntu/gutsy/+source/libspf2/1.2.5.dfsg-4ubuntu0.7.10.1"}, {"source": "cret@cert.org", "url": "https://bugs.launchpad.net/ubuntu/feisty/+source/libspf2/+bug/271025"}, {"source": "cret@cert.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46055"}, {"source": "cret@cert.org", "url": "https://www.exploit-db.com/exploits/6805"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.gentoo.org/show_bug.cgi?format=multiple&id=242254"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/32396"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/32450"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/32496"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/32720"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200810-03.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/4487"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://up2date.astaro.com/2008/11/up2date_7305_released.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2008/dsa-1659"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.doxpara.com/?p=1263"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.doxpara.com/?page_id=1256"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/183657"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch"], "url": "http://www.securityfocus.com/bid/31881"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/2896"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://answers.launchpad.net/ubuntu/gutsy/+source/libspf2/1.2.5.dfsg-4ubuntu0.7.10.1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugs.launchpad.net/ubuntu/feisty/+source/libspf2/+bug/271025"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46055"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/6805"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}