DNS: DNS TXT Record Handling Remote Buffer Overflow (1)
This signature detects attempts to exploit a known vulnerability in SPF Library Project libspf2. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the Root system level. This signature should only be used to protect DNS servers under your control, and not for the Internet in general. This detects DNS TXT records 200 bytes or longer, which is common on the Internet. This library was used primarily in Debian 4.0 and was fixed in libspf2 version 1.2.8, released in mid-September, 2008. If you do not have a vulnerable version of libspf2, it is not recommended to use this signature, as it can false-positive on normal, non-malicious Internet traffic.
Extended Description
Heap-based buffer overflow in the SPF_dns_resolv_lookup function in Spf_dns_resolv.c in libspf2 before 1.2.8 allows remote attackers to execute arbitrary code via a long DNS TXT record with a modified length field.
Affected Products
Libspf libspf2
Short Name
DNS:OVERFLOW:TXTRECORD-1
Severity
Major
Recommended
False
Recommended Action
None
Category
DNS
Keywords
(1) Buffer CVE-2008-2469 CVE-2012-5671 DNS Handling Overflow Record Remote TXT bid:31881
Release Date
02/09/2016
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3730
False Positive
Unknown
Vendors
Libspf
CVSS Score
10.0
6.8