T-021: libspf2 DNS TXT Vulnerability

Tags

dns, security, txt

Special Forums Cybersecurity Security Advisories (RSS) T-021: libspf2 DNS TXT Vulnerability

11-13-2008

Registered User

26,240, 27

Join Date: Sep 2000

Last Activity: 1 August 2008, 3:09 PM EDT

Posts: 26,240

Thanks Given: 0

Thanked 27 Times in 26 Posts

T-021: libspf2 DNS TXT Vulnerability

libspf2 contains a buffer overflow vulnerability in code that parses DNS TXT records. An SPF record is a DNS Resource Record (RR) that declares which hosts are, and are not, authorized to use a domain name for the "HELO" and "MAIL FROM" identities. The risk is MEDIUM. This vulnerability could allow an unauthenticated, remote attacker to execute arbitrary code on a system running libspf2.

More...

Linux Bot

View Public Profile for Linux Bot

Find all posts by Linux Bot

Previous Thread | Next Thread

1 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

In BIND 9.3 DNS trying to get past the 256 char limit in SPF TXT records

One way I was told to do was incase strings in quotes. But I was given this option if I can get it to work. Will this work for splitting up SPF records? I am try to make bx.example.com reference spf.eu.***, spfa.eu.***, spfb.eu.***, and spfc.eu.***. spf.eu.example.com 3600 IN TXT "v=spf1...

LEARN ABOUT MOJAVE

net::dns::rr::rp5.18

Net::DNS::RR::RP(3)					User Contributed Perl Documentation				       Net::DNS::RR::RP(3)

NAME

       Net::DNS::RR::RP - DNS RP resource record

SYNOPSIS

	   use Net::DNS;
	   $rr = new Net::DNS::RR('name RP mbox txtdname');

DESCRIPTION

       Class for DNS Responsible Person (RP) resource records.

METHODS

       The available methods are those inherited from the base class augmented by the type-specific methods defined in this package.

       Use of undocumented package features or direct access to internal data structures is discouraged and could result in program termination or
       other unpredictable behaviour.

   mbox
	   $mbox = $rr->mbox;

       A domain name which specifies the mailbox for the person responsible for this domain.  Its format in master files uses the DNS convention
       for mailbox encoding, identical to that used for the RNAME mailbox field in the SOA RR.	The root domain name (just ".") may be specified
       to indicate that no mailbox is available.

   txtdname
	   $txtdname = $rr->txtdname;

       A domain name identifying TXT RRs.  A subsequent query can be performed to retrieve the associated TXT records.	This provides a level of
       indirection so that the entity can be referred to from multiple places in the DNS.  The root domain name (just ".") may be specified to
       indicate that no associated TXT RR exists.

COPYRIGHT

       Copyright (c)1997-2002 Michael Fuhr.

       Package template (c)2009,2012 O.M.Kolkman and R.W.Franks.

       All rights reserved.

       This program is free software; you may redistribute it and/or modify it under the same terms as Perl itself.

SEE ALSO

       perl, Net::DNS, Net::DNS::RR, RFC1183 Section 2.2

perl v5.18.2							    2014-01-16						       Net::DNS::RR::RP(3)

Security Advisories (RSS)