CVE-2008-2469

Libspf2 < 1.2.7 - Memory Corruption

Title source: rule

Description

Heap-based buffer overflow in the SPF_dns_resolv_lookup function in Spf_dns_resolv.c in libspf2 before 1.2.8 allows remote attackers to execute arbitrary code via a long DNS TXT record with a modified length field.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Dan Kaminsky · textdosmultiple

https://www.exploit-db.com/exploits/6805

View Code ZIP pw:eip

References (18)

Core 18

Core References

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/32720

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/6805

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/32396

Exploit, Patch vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/31881

Third Party Advisory third-party-advisory x_refsource_sreason

http://securityreason.com/securityalert/4487

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/46055

Various Sources x_refsource_confirm

https://answers.launchpad.net/ubuntu/gutsy/+source/libspf2/1.2.5.dfsg-4ubuntu0.7.10.1

Various Sources x_refsource_confirm

http://up2date.astaro.com/2008/11/up2date_7305_released.html

Issue Tracking x_refsource_confirm

http://bugs.gentoo.org/show_bug.cgi?format=multiple&id=242254

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2008/dsa-1659

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2008/2896

Issue Tracking x_refsource_confirm

https://bugs.launchpad.net/ubuntu/feisty/+source/libspf2/+bug/271025

Various Sources x_refsource_misc

http://www.doxpara.com/?page_id=1256

Various Sources x_refsource_misc

http://www.doxpara.com/?p=1263

Third Party Advisory vendor-advisory x_refsource_gentoo

http://security.gentoo.org/glsa/glsa-200810-03.xml

US Government Resource third-party-advisory x_refsource_cert-vn

http://www.kb.cert.org/vuls/id/183657

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/32496

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/32450

Scores

EPSS 0.3896

EPSS Percentile 97.3%

Details

CWE

CWE-119

Status published

Products (9)

libspf/libspf2 1.0.2

libspf/libspf2 1.0.3

libspf/libspf2 1.0.4

libspf/libspf2 1.2.1

libspf/libspf2 1.2.3

libspf/libspf2 1.2.4

libspf/libspf2 1.2.5

libspf/libspf2 1.2.6

libspf/libspf2 < 1.2.7

Published Oct 23, 2008

Tracked Since Feb 18, 2026