Multiple Vendor 'inet_net_pton()' Function Integer Overflow Weakness

Bugtraq ID:	30803
Class:	Boundary Condition Error
CVE:
Remote:	Yes
Local:	Yes
Published:	Aug 23 2008 12:00AM
Updated:	Aug 28 2008 08:14PM
Credit:	Maksymilian Arciemowicz
Vulnerable:	OpenBSD OpenBSD 4.3 ISC BIND 9.5.0-P2 Apple Mac OS X Server 10.5.4 Apple Mac OS X Server 10.5.3 Apple Mac OS X Server 10.5.2 Apple Mac OS X Server 10.5.1 Apple Mac OS X Server 10.5 Apple Mac OS X 10.5.4 Apple Mac OS X 10.5.3 Apple Mac OS X 10.5.2 Apple Mac OS X 10.5.1 Apple Mac OS X 10.5
Not Vulnerable:

Multiple Vendor 'inet_net_pton()' Function Integer Overflow Weakness

Multiple vendors are prone to an integer-overflow weakness.

The return value of 'inet_net_pton()' is expected to be 0 or greater on success, or -1 on error. This integer-overflow weakness results in large negative values being returned. The affected function itself is not directly exploitable, but if its return value is used in further processing, it may expose third-party applications to vulnerabilities.

This issue affects OpenBSD 4.3, Mac OS X 10.5, and ISC BIND 9.5.0-P2; other platforms and versions may also be affected.

Multiple Vendor 'inet_net_pton()' Function Integer Overflow Weakness

Calling the affected function with a string similar to '127.0.0.1/2147483649' demonstrates this issue.

Multiple Vendor 'inet_net_pton()' Function Integer Overflow Weakness

Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Multiple Vendor 'inet_net_pton()' Function Integer Overflow Weakness

References:

• [Full-disclosure] libc/net inet_net_pton() integer overflow (Maksymilian Arciemowicz)
  
• inet_net_pton() integer overflow (SecurityReason)
  
• ISC BIND Homepage (ISC)
  
• Mac OS X Homepage (Apple)
  
• OpenBSD Homepage (OpenBSD)