FreeBSD Security Advisory FreeBSD-SA-08:02.libc
Mike Tancsa
mike at sentex.net
Mon Jan 14 21:57:45 PST 2008
At 12:22 AM 1/15/2008, Mark Andrews wrote:
> >
> > For the "usual suspects" of applications running, (e.g. sendmail,
> > apache, BIND etc) would it be possible to pass crafted packets
> > through to this function remotely via those apps ? ie how easy
> is this to do
> > ?
>
> The usual suspects don't call inet_network().
> route calls inet_network() but not routed doesn't.
Thanks to all who responded so far! I had a look at some of the
ports I am using and so far all I found was
find . -name "*.c" | xargs grep inet_network
./apache13-modssl/work/apache_1.3.33/src/modules/proxy/proxy_util.c:
if (host[i] == '\0' && (ap_inet_addr(host) == -1 || inet_network(host) == -1))
---Mike
More information about the freebsd-security
mailing list