Libevent DNS Parsing Denial Of Service Vulnerability

Bugtraq ID:	22606
Class:	Failure to Handle Exceptional Conditions
CVE:	CVE-2007-1030
Remote:	Yes
Local:	No
Published:	Feb 18 2007 12:00AM
Updated:	May 12 2015 07:34PM
Credit:	Jon Oberheide disclosed this issue.
Vulnerable:	Pardus Linux 2007.1 Libevent Libevent 1.2.a Libevent Libevent 1.2
Not Vulnerable:	Libevent Libevent 1.3

Libevent DNS Parsing Denial Of Service Vulnerability

Libevent is prone to a denial-of-service vulnerability.

A remote attacker may exploit this issue to cause the application to crash, denying further service to legitimate users.

Versions 1.2 to 1.2a are vulnerable to this issue.

Libevent DNS Parsing Denial Of Service Vulnerability

Currently we are not aware of any exploits for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Libevent DNS Parsing Denial Of Service Vulnerability

Solution:
The vendor has released version 1.3 to address this issue. Please see the references for details.


Libevent Libevent 1.2

• Libevent libevent-1.3.tar.gz
  http://monkey.org/~provos/libevent-1.3.tar.gz

Libevent Libevent 1.2.a

• Libevent libevent-1.3.tar.gz
  http://monkey.org/~provos/libevent-1.3.tar.gz

Libevent DNS Parsing Denial Of Service Vulnerability

References:

• libevent - an event notification library (Libevent Homepage)