T-021: libspf2 DNS TXT Vulnerability

Tags

dns, security, txt

Special Forums Cybersecurity Security Advisories (RSS) T-021: libspf2 DNS TXT Vulnerability

11-13-2008

Registered User

26,240, 27

Join Date: Sep 2000

Last Activity: 1 August 2008, 3:09 PM EDT

Posts: 26,240

Thanks Given: 0

Thanked 27 Times in 26 Posts

T-021: libspf2 DNS TXT Vulnerability

libspf2 contains a buffer overflow vulnerability in code that parses DNS TXT records. An SPF record is a DNS Resource Record (RR) that declares which hosts are, and are not, authorized to use a domain name for the "HELO" and "MAIL FROM" identities. The risk is MEDIUM. This vulnerability could allow an unauthenticated, remote attacker to execute arbitrary code on a system running libspf2.

More...

Linux Bot

View Public Profile for Linux Bot

Find all posts by Linux Bot

Previous Thread | Next Thread

1 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

In BIND 9.3 DNS trying to get past the 256 char limit in SPF TXT records

One way I was told to do was incase strings in quotes. But I was given this option if I can get it to work. Will this work for splitting up SPF records? I am try to make bx.example.com reference spf.eu.***, spfa.eu.***, spfb.eu.***, and spfc.eu.***. spf.eu.example.com 3600 IN TXT "v=spf1...

LEARN ABOUT MOJAVE

net::dns::rr::txt5.18

Net::DNS::RR::TXT(3)					User Contributed Perl Documentation				      Net::DNS::RR::TXT(3)

NAME

       Net::DNS::RR::TXT - DNS TXT resource record

SYNOPSIS

	   use Net::DNS;
	   $rr = new Net::DNS::RR( 'name TXT  txtdata ...' );

	   $rr = new Net::DNS::RR( name    => 'name',
				   type    => 'TXT',
				   txtdata => 'single text string'
				   );

	   $rr = new Net::DNS::RR( name    => 'name',
				   type    => 'TXT',
				   txtdata => [ 'multiple', 'strings', ... ]
				   );

	   use utf8;
	   $rr = new Net::DNS::RR( 'jp TXT    XXXXXXXXXXXX' );

DESCRIPTION

       Class for DNS Text (TXT) resource records.

METHODS

       The available methods are those inherited from the base class augmented by the type-specific methods defined in this package.

       Use of undocumented package features or direct access to internal data structures is discouraged and could result in program termination or
       other unpredictable behaviour.

   txtdata
	   $string = $rr->txtdata;
	   @list   = $rr->txtdata;

	   $rr->txtdata( @list );

       When invoked in scalar context, txtdata() returns the descriptive text as a single string, regardless of the number of elements.

       In a list context, txtdata() returns a list of the text elements.

COPYRIGHT

       Copyright (c)2011 Dick Franks.

       All rights reserved.

       This program is free software; you may redistribute it and/or modify it under the same terms as Perl itself.

       Package template (c)2009,2012 O.M.Kolkman and R.W.Franks.

SEE ALSO

       perl, Net::DNS, Net::DNS::RR, RFC1035 Section 3.3.14, RFC3629

perl v5.18.2							    2014-01-16						      Net::DNS::RR::TXT(3)

Security Advisories (RSS)