Published: 2000-12-11 00:00:00
Revised: 2017-07-10 21:29:02

[Original] The getnameinfo function in FreeBSD 4.1.1 and earlier, and possibly other operating systems, allows a remote attacker to cause a denial of service via a long DNS hostname.

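[CNNVD] FreeBSD getnameinfo function vulnerability (CNNVD-200012-035)

        The getnameinfo function in FreeBSD 4.1.1 and earlier, and possibly other operating systems, contains a vulnerability. A remote attacker can cause a denial of service by means of an overly long DNS hostname.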

- CVSS (Base Score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (Affected Platforms and Products)

cpe:/o:freebsd:freebsd:4.1.1  FreeBSD 4.1.1
cpe:/o:freebsd:freebsd:4.0  FreeBSD 4.0
cpe:/o:freebsd:freebsd:4.1  FreeBSD 4.1

- OVAL (Technical Details for Detection)


- Official Database Links
(Official data source) MITRE
(Official data source) NVD
(Official data source) CNNVD

- Other Links and Resources
(UNKNOWN)  XF  getnameinfo-dos(5454)

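- Vulnerability Information

FreeBSD getnameinfo function vulnerability
Medium risk  Input validation
2000-12-11 00:00:00 2005-10-20 00:00:00
        The getnameinfo function in FreeBSD 4.1.1 and earlier, and possibly other operating systems, contains a vulnerability. A remote attacker can cause a denial of service by means of an overly long DNS hostname.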

- Advisories and Patches

        FreeBSD has supplied upgrades to fix this vulnerability.
        FreeBSD FreeBSD 4.0

- Vulnerability Information

FreeBSD getnameinfo Function Long Hostname DoS
Remote / Network Access Denial of Service
Loss of Availability

- Vulnerability Description

A remote overflow exists in FreeBSD. The getnameinfo() function fails to validate input resulting in an off-by-one overflow. With a specially crafted request involving a long DNS name, an attacker can crash the getnameinfo() function resulting in a loss of availability for the platform.

- Timeline

2000-11-01 Unknown
Unknown Unknown

- Solution

Upgrade to version 4.1.1-STABLE after the correction date, as it has been reported to fix this vulnerability. Also, FreeBSD has released a patch.

- Related References

- Vulnerability Author

- Vulnerability Information

FreeBSD getnameinfo() Denial of Service Vulnerability
Input Validation Error 1894
Yes No
2000-11-01 12:00:00 2009-07-11 03:56:00
First published in FreeBSD advisory SA-00:63 on November 1, 2000.

- Affected Program Versions

FreeBSD FreeBSD 4.1.1 -RELEASE
FreeBSD FreeBSD 4.1.1
FreeBSD FreeBSD 4.1
FreeBSD FreeBSD 4.0 alpha
FreeBSD FreeBSD 4.0

- Vulnerability Discussion

The getnameinfo() function is used by network programs to retrieve the resolved names for the address and port values in socket address structures (it returns hostname and service name strings). The implementation of this function that ships with BSD systems contains an off-by-one vulnerability that can lead to a remotely caused denial of service. If a malicious user controlling the victim's DNS server has the service return an "extra long" hostname in response to a query made through the use of getnameinfo(), the program calling the function will crash. This attack can be used to disable a "one time" service not spawned by inetd that uses getnameinfo() before forking any children to deal with clients.

- Exploit

Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at:

- Solution

FreeBSD has supplied upgrades to fix this vulnerability.

FreeBSD FreeBSD 4.0

- Related References