Launchpad CVE tracker

CVE 2008-0122

Off-by-one error in the inet_network function in libbind in ISC BIND 9.4.2 and earlier, as used in libc in FreeBSD 6.2 through 7.0-PRERELEASE, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted input that triggers memory corruption.

Related bugs and status

CVE-2008-0122 (Candidate) is related to these bugs:

Bug #201954: bind9 apparmor profile does not allow access to /var/lib/bind

Summary				In	Importance	Status
	201954	bind9 apparmor profile does not allow access to /var/lib/bind		bind9 (Ubuntu)	Medium	Fix Released

Bug #203476: [libbind9] [CVE-2008-0122] off-by-one error in the inet_network function

		In	Importance	Status
203476	[libbind9] [CVE-2008-0122] off-by-one error in the inet_network function	bind9 (Ubuntu)	Undecided	Fix Released
203476	[libbind9] [CVE-2008-0122] off-by-one error in the inet_network function	bind9 (Debian)	Unknown	Fix Released
203476	[libbind9] [CVE-2008-0122] off-by-one error in the inet_network function	bind9 (Ubuntu Dapper)	Low	Won't Fix
203476	[libbind9] [CVE-2008-0122] off-by-one error in the inet_network function	bind9 (Ubuntu Edgy)	Low	Won't Fix
203476	[libbind9] [CVE-2008-0122] off-by-one error in the inet_network function	bind9 (Ubuntu Feisty)	Low	Won't Fix
203476	[libbind9] [CVE-2008-0122] off-by-one error in the inet_network function	bind9 (Ubuntu Gutsy)	Low	Won't Fix
203476	[libbind9] [CVE-2008-0122] off-by-one error in the inet_network function	bind9 (Gentoo Linux)	Medium	Invalid

Bug #203528: apparmor profile should be in complain mode on certain upgrades

Summary				In	Importance	Status
	203528	apparmor profile should be in complain mode on certain upgrades		bind9 (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2008-0122

References