Launchpad.net

CVE 2008-2469

Heap-based buffer overflow in the SPF_dns_resolv_lookup function in Spf_dns_resolv.c in libspf2 before 1.2.8 allows remote attackers to execute arbitrary code via a long DNS TXT record with a modified length field.

Related bugs and status

CVE-2008-2469 (Candidate) is related to these bugs:

Bug #271025: Multiple security vulnerabilities

		In	Importance	Status
271025	Multiple security vulnerabilities	libspf2 (Ubuntu)	High	Fix Released
271025	Multiple security vulnerabilities	libspf2 (Ubuntu Dapper)	Undecided	Fix Released
271025	Multiple security vulnerabilities	libspf2 (Ubuntu Feisty)	Undecided	Fix Released
271025	Multiple security vulnerabilities	libspf2 (Ubuntu Hardy)	Undecided	Fix Released
271025	Multiple security vulnerabilities	libspf2 (Ubuntu Gutsy)	Undecided	Fix Released
271025	Multiple security vulnerabilities	libspf2 (Ubuntu Intrepid)	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://www.doxpara.com...
MISC: http://www.doxpara.com...
CONFIRM: https://answers.launch...
CONFIRM: https://bugs.launchpad...
CERT-VN: VU#183657
BID: 31881
GENTOO: GLSA-200810-03
SECUNIA: 32496
SECUNIA: 32450
SREASON: 4487
DEBIAN: DSA-1659
SECUNIA: 32396
CONFIRM: http://up2date.astaro....
SECUNIA: 32720
VUPEN: ADV-2008-2896
CONFIRM: http://bugs.gentoo.org...
XF: libspf2-dnstxtrecord-b...
EXPLOIT-DB: 6805