T-021: libspf2 DNS TXT Vulnerability

Tags

dns, security, txt

Special Forums Cybersecurity Security Advisories (RSS) T-021: libspf2 DNS TXT Vulnerability

11-13-2008

Registered User

26,240, 27

Join Date: Sep 2000

Last Activity: 1 August 2008, 3:09 PM EDT

Posts: 26,240

Thanks Given: 0

Thanked 27 Times in 26 Posts

T-021: libspf2 DNS TXT Vulnerability

libspf2 contains a buffer overflow vulnerability in code that parses DNS TXT records. An SPF record is a DNS Resource Record (RR) that declares which hosts are, and are not, authorized to use a domain name for the "HELO" and "MAIL FROM" identities. The risk is MEDIUM. This vulnerability could allow an unauthenticated, remote attacker to execute arbitrary code on a system running libspf2.

More...

Linux Bot

View Public Profile for Linux Bot

Find all posts by Linux Bot

Previous Thread | Next Thread

1 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

In BIND 9.3 DNS trying to get past the 256 char limit in SPF TXT records

One way I was told to do was incase strings in quotes. But I was given this option if I can get it to work. Will this work for splitting up SPF records? I am try to make bx.example.com reference spf.eu.***, spfa.eu.***, spfb.eu.***, and spfc.eu.***. spf.eu.example.com 3600 IN TXT "v=spf1...

LEARN ABOUT SUSE

mail::spf::mech::mx

Mail::SPF::Mech::MX(3)					User Contributed Perl Documentation				    Mail::SPF::Mech::MX(3)

NAME

       Mail::SPF::Mech::MX - SPF record "mx" mechanism class

DESCRIPTION

       An object of class Mail::SPF::Mech::MX represents an SPF record mechanism of type "mx".

   Constructors
       The following constructors are provided:

       new(%options): returns Mail::SPF::Mech::MX
	   Creates a new SPF record "mx" mechanism object.

	   %options is a list of key/value pairs representing any of the following options:

	   qualifier
	   domain_spec
	   ipv4_prefix_length
	   ipv6_prefix_length
	       See "new" in Mail::SPF::Mech.

       new_from_string($text, %options): returns Mail::SPF::Mech::MX; throws Mail::SPF::ENothingToParse, Mail::SPF::EInvalidMech
	   Creates a new SPF record "mx" mechanism object by parsing the string and any options given.

   Class methods
       The following class methods are provided:

       default_qualifier
       default_ipv4_prefix_length
       default_ipv6_prefix_length
       qualifier_pattern
	   See "Class methods" in Mail::SPF::Mech.

       name: returns string
	   Returns 'mx'.

       name_pattern: returns Regexp
	   Returns a regular expression that matches a mechanism name of 'mx'.

   Instance methods
       The following instance methods are provided:

       text
       qualifier
       params
       stringify
       domain
       match_in_domain
	   See "Instance methods" in Mail::SPF::Mech.

       domain_spec: returns Mail::SPF::MacroString
	   Returns the "domain-spec" parameter of the mechanism.

       ipv4_prefix_length: returns integer
	   Returns the IPv4 network prefix length of the mechanism.

       ipv6_prefix_length: returns integer
	   Returns the IPv6 network prefix length of the mechanism.

       match($server, $request): returns boolean
	   Checks whether any MX hosts of the mechanism's target domain name (that is, any of the host addresses of its DNS "MX" records) matches
	   the given request's IP address (see "ip_address" in Mail::SPF::Request), and returns true if it does, or false otherwise.  The
	   mechanism's IP network prefix lengths are respected when matching address records against the request's IP address.	See RFC 4408, 5
	   and 5.4, for the exact algorithm used.

SEE ALSO

       Mail::SPF, Mail::SPF::Record, Mail::SPF::Term, Mail::SPF::Mech

       <http://www.ietf.org/rfc/rfc4408.txt>

       For availability, support, and license information, see the README file included with Mail::SPF.

AUTHORS

       Julian Mehnle <julian@mehnle.net>, Shevek <cpan@anarres.org>

perl v5.12.1							    2010-07-05						    Mail::SPF::Mech::MX(3)

Security Advisories (RSS)