Vulnerability CVE-2008-0122 - CERT Civis.Net

Vulnerability Name:

CVE-2008-0122 (CCN-39670)

Assigned:

2008-01-14

Published:

2008-01-14

Updated:

2019-08-01

Summary:

Off-by-one error in the inet_network function in libbind in ISC BIND 9.4.2 and earlier, as used in libc in FreeBSD 6.2 through 7.0-PRERELEASE, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted input that triggers memory corruption.

CVSS v3 Severity:

7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
7.4 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-189
CWE-193

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2008-0122

Source: SUSE
Type: Mailing List, Third Party Advisory
SUSE-SR:2008:006

Source: CCN
Type: RHSA-2008-0300
Moderate: bind security, bug fix, and enhancement update

Source: CCN
Type: SA28367
FreeBSD "inet_network()" Off-By-One Vulnerability

Source: SECUNIA
Type: Third Party Advisory
28367

Source: SECUNIA
Type: Third Party Advisory
28429

Source: SECUNIA
Type: Third Party Advisory
28487

Source: CCN
Type: SA28579
ISC BIND libbind "inet_network()" Off-By-One Vulnerability

Source: SECUNIA
Type: Third Party Advisory
28579

Source: CCN
Type: SA29161
IBM AIX libc "inet_network()" Off-By-One Vulnerability

Source: SECUNIA
Type: Third Party Advisory
29161

Source: SECUNIA
Type: Third Party Advisory
29323

Source: SECUNIA
Type: Third Party Advisory
30313

Source: CCN
Type: SA30538
Sun Solaris "inet_network()" Off-By-One Vulnerability

Source: SECUNIA
Type: Third Party Advisory
30538

Source: CCN
Type: SA30718
Avaya CMS Solaris "inet_network()" Off-By-One Vulnerability

Source: SECUNIA
Type: Third Party Advisory
30718

Source: CCN
Type: FreeBSD-SA-08:02.libc
inet_network() buffer overflow

Source: FREEBSD
Type: Patch, Vendor Advisory
FreeBSD-SA-08:02

Source: CCN
Type: SECTRACK ID: 1019189
FreeBSD libc Buffer Overflow in inet_network() May Let Users Deny Service or Execute Arbitrary Code

Source: SUNALERT
Type: Broken Link
238493

Source: CCN
Type: Sun Alert ID: 238493
Security Vulnerability in inet_network() Library Routine May Allow Denial of Service (DoS) to Applications

Source: CONFIRM
Type: Third Party Advisory
http://support.avaya.com/elmodocs2/security/ASA-2008-244.htm

Source: CCN
Type: ASA-2008-244
Security Vulnerability in inet_network() Library Routine May Allow Denial of Service (DoS) to Applications (Sun 238493)

Source: CCN
Type: Internet Systems Consortium Web site
BIND: buffer overflow in inet_network()

Source: CONFIRM
Type: Vendor Advisory
http://www.isc.org/index.pl?/sw/bind/bind-security.php

Source: CCN
Type: US-CERT VU#203611
inet_network() off-by-one buffer overflow

Source: CERT-VN
Type: Third Party Advisory, US Government Resource
VU#203611

Source: REDHAT
Type: Third Party Advisory
RHSA-2008:0300

Source: BUGTRAQ
Type: Third Party Advisory, VDB Entry
20080124 rPSA-2008-0029-1 bind bind-utils

Source: BID
Type: Patch, Third Party Advisory, VDB Entry
27283

Source: CCN
Type: BID-27283
Multiple Vendors BIND 'inet_network()' Off-by-One Buffer Overflow Vulnerability

Source: SECTRACK
Type: Third Party Advisory, VDB Entry
1019189

Source: CCN
Type: TLSA-2008-7
Off-by-one error

Source: VUPEN
Type: Permissions Required
ADV-2008-0193

Source: VUPEN
Type: Permissions Required
ADV-2008-0703

Source: VUPEN
Type: Permissions Required
ADV-2008-1743

Source: CCN
Type: IBM Subscription service Bulletin 4140
AIX libc inet_network buffer overflow

Source: CONFIRM
Type: Third Party Advisory
http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=7&heading=AIX61&path=/200802/SECURITY/20080227/datafile123640&label=AIX%20libc%20inet_network%20buffer%20overflow

Source: CONFIRM
Type: Third Party Advisory
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4167

Source: CONFIRM
Type: Issue Tracking, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=429149

Source: XF
Type: Third Party Advisory, VDB Entry
freebsd-inetnetwork-bo(39670)

Source: XF
Type: UNKNOWN
iscbind-inetnetwork-bo(39670)

Source: CONFIRM
Type: Third Party Advisory
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952488

Source: CONFIRM
Type: Third Party Advisory
https://issues.rpath.com/browse/RPL-2169

Source: OVAL
Type: Third Party Advisory
oval:org.mitre.oval:def:10190

Source: FEDORA
Type: Third Party Advisory
FEDORA-2008-0903

Source: FEDORA
Type: Third Party Advisory
FEDORA-2008-0904

Source: SUSE
Type: SUSE-SR:2008:006
SUSE Security Summary Report

Vulnerable Configuration:

Configuration 1:

cpe:/a:isc:bind:*:*:*:*:*:*:*:* (Version <= 9.4.2)

AND

cpe:/o:freebsd:freebsd:6.2:-:*:*:*:*:*:*

OR cpe:/o:freebsd:freebsd:6.2:p1:*:*:*:*:*:*

OR cpe:/o:freebsd:freebsd:6.2:p10:*:*:*:*:*:*

OR cpe:/o:freebsd:freebsd:6.2:p11:*:*:*:*:*:*

OR cpe:/o:freebsd:freebsd:6.2:p12:*:*:*:*:*:*

OR cpe:/o:freebsd:freebsd:6.2:p4:*:*:*:*:*:*

OR cpe:/o:freebsd:freebsd:6.2:p5:*:*:*:*:*:*

OR cpe:/o:freebsd:freebsd:6.2:p6:*:*:*:*:*:*

OR cpe:/o:freebsd:freebsd:6.2:p7:*:*:*:*:*:*

OR cpe:/o:freebsd:freebsd:6.2:p8:*:*:*:*:*:*

OR cpe:/o:freebsd:freebsd:6.2:p9:*:*:*:*:*:*

OR cpe:/o:freebsd:freebsd:6.2:rc1:*:*:*:*:*:*

OR cpe:/o:freebsd:freebsd:6.2:rc2:*:*:*:*:*:*

OR cpe:/o:freebsd:freebsd:6.3:-:*:*:*:*:*:*

OR cpe:/o:freebsd:freebsd:6.3:p1:*:*:*:*:*:*

OR cpe:/o:freebsd:freebsd:6.3:p10:*:*:*:*:*:*

OR cpe:/o:freebsd:freebsd:6.3:p11:*:*:*:*:*:*

OR cpe:/o:freebsd:freebsd:6.3:p12:*:*:*:*:*:*

OR cpe:/o:freebsd:freebsd:6.3:p13:*:*:*:*:*:*

OR cpe:/o:freebsd:freebsd:6.3:p14:*:*:*:*:*:*

OR cpe:/o:freebsd:freebsd:6.3:p15:*:*:*:*:*:*

OR cpe:/o:freebsd:freebsd:6.3:p2:*:*:*:*:*:*

OR cpe:/o:freebsd:freebsd:6.3:p3:*:*:*:*:*:*

OR cpe:/o:freebsd:freebsd:6.3:p4:*:*:*:*:*:*

OR cpe:/o:freebsd:freebsd:6.3:p5:*:*:*:*:*:*

OR cpe:/o:freebsd:freebsd:6.3:p6:*:*:*:*:*:*

OR cpe:/o:freebsd:freebsd:6.3:p7:*:*:*:*:*:*

OR cpe:/o:freebsd:freebsd:6.3:p8:*:*:*:*:*:*

OR cpe:/o:freebsd:freebsd:6.3:p9:*:*:*:*:*:*

OR cpe:/o:freebsd:freebsd:6.3:rc2:*:*:*:*:*:*

OR cpe:/o:freebsd:freebsd:6.4:-:*:*:*:*:*:*

OR cpe:/o:freebsd:freebsd:6.4:p1:*:*:*:*:*:*

OR cpe:/o:freebsd:freebsd:6.4:p10:*:*:*:*:*:*

OR cpe:/o:freebsd:freebsd:6.4:p11:*:*:*:*:*:*

OR cpe:/o:freebsd:freebsd:6.4:p2:*:*:*:*:*:*

OR cpe:/o:freebsd:freebsd:6.4:p3:*:*:*:*:*:*

OR cpe:/o:freebsd:freebsd:6.4:p4:*:*:*:*:*:*

OR cpe:/o:freebsd:freebsd:6.4:p5:*:*:*:*:*:*

OR cpe:/o:freebsd:freebsd:6.4:p6:*:*:*:*:*:*

OR cpe:/o:freebsd:freebsd:6.4:p7:*:*:*:*:*:*

OR cpe:/o:freebsd:freebsd:6.4:p8:*:*:*:*:*:*

OR cpe:/o:freebsd:freebsd:6.4:p9:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

Configuration CCN 1:

cpe:/a:isc:bind:9.3.0:*:*:*:-:*:*:*

OR cpe:/a:isc:bind:9.3.1:*:*:*:-:*:*:*

OR cpe:/a:isc:bind:9.3.2:*:*:*:-:*:*:*

OR cpe:/a:isc:bind:9.3.3:*:*:*:-:*:*:*

OR cpe:/a:isc:bind:9.4.0:*:*:*:-:*:*:*

OR cpe:/a:isc:bind:9.4.1:*:*:*:-:*:*:*

OR cpe:/a:isc:bind:9.5.0:a1:*:*:-:*:*:*

OR cpe:/a:isc:bind:9.5.0:a2:*:*:-:*:*:*

OR cpe:/a:isc:bind:9.5.0:a3:*:*:-:*:*:*

OR cpe:/a:isc:bind:9.5.0:a4:*:*:-:*:*:*

OR cpe:/a:isc:bind:9.5.0:a5:*:*:-:*:*:*

OR cpe:/a:isc:bind:9.3.4:*:*:*:-:*:*:*

OR cpe:/a:isc:bind:9.2.0:*:*:*:-:*:*:*

OR cpe:/a:isc:bind:9.0:*:*:*:-:*:*:*

OR cpe:/a:isc:bind:9.1:*:*:*:-:*:*:*

OR cpe:/a:isc:bind:9.4.2:*:*:*:-:*:*:*

OR cpe:/a:isc:bind:9.5.0:a6:*:*:-:*:*:*

OR cpe:/a:isc:bind:9.5.0:a7:*:*:-:*:*:*

OR cpe:/a:isc:bind:9.5.0:b1:*:*:-:*:*:*

OR cpe:/a:isc:bind:8:*:*:*:-:*:*:*

AND

cpe:/o:sun:solaris:8::x86:*:*:*:*:*

OR cpe:/o:sun:solaris:8::sparc:*:*:*:*:*

OR cpe:/o:sun:solaris:10::sparc:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:*

OR cpe:/o:freebsd:freebsd:6.2:-:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:*

OR cpe:/o:sun:solaris:9::sparc:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20080122	V	CVE-2008-0122	2015-11-16
oval:org.mitre.oval:def:22620	P	ELSA-2008:0300: bind security, bug fix, and enhancement update (Moderate)	2014-05-26
oval:org.mitre.oval:def:10190	V	Off-by-one error in the inet_network function in libbind in ISC BIND 9.4.2 and earlier, as used in libc in FreeBSD 6.2 through 7.0-PRERELEASE, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted input that triggers memory corruption.	2013-04-29
oval:com.redhat.rhsa:def:20080300	P	RHSA-2008:0300: bind security, bug fix, and enhancement update (Moderate)	2008-05-21