DNS: DNS TXT Record Handling Remote Buffer Overflow
This signature detects attempts to exploit a known vulnerability in SPF Library Project libspf2. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the Root system level. This signature should only be used to protect DNS servers under your control, and not for the Internet in general. This detects DNS TXT records 200 bytes or longer, which is common on the Internet. This library was used primarily in Debian 4.0 and was fixed in libspf2 version 1.2.8, released in mid-September, 2008. If you do not have a vulnerable version of libspf2, it is not recommended to use this signature, as it can false-positive on normal, non-malicious Internet traffic.
Extended Description
The 'libspf2' library is prone to a remote buffer-overflow vulnerability that stems from a lack of bounds checking when handling specially crafted DNS TXT records. Remote attackers may exploit this issue to execute arbitrary code in the context of an application using a vulnerable version of the library. Versions prior to 'libspf2' 1.2.8 are affected.
Affected Products
Libspf2 libspf2
Short Name
DNS:OVERFLOW:TXTRECORD
Severity
Critical
Recommended
False
Recommended Action
None
Category
DNS
Keywords
Buffer CVE-2008-2469 CVE-2012-5671 DNS Handling Overflow Record Remote TXT bid:31881
Release Date
11/20/2008
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Frequently
Vendors
Gentoo
Libspf2
Debian
Astaro
CVSS Score
10.0
6.8