Summary | Local hostname resolution buffer overflow |
---|---|
Date | 2004-08-26 |
CVE Number | CVE-2004-0785 |
Discovered By | Sean (infamous42md) |
Fixed In Release | 0.82 |
Buffer overflow. If the local computer’s host name is not in /etc/hosts, and
the computer performs a DNS query to obtain its hostname when signing on to
zephyr, it could receive a reply with a hostname greater than `MAXHOSTNAMELEN`
(generally 64 bytes). If `gethostbyname()` does not ensure the size of
`hostent->h_name` is less than `MAXHOSTNAMELEN`, this value would be copied to
a buffer that is not large enough.
The calls to copy the hostname were replaced with calls that check the length of the destination buffer.
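
The difference between the two kinds of copy, as an added example that is not the project's own code: the function names, the `snprintf`-based bounded copy and the constructed `hostent` values are assumptions made for illustration.

```c
#include <netdb.h>
#include <stdio.h>
#include <string.h>
#include <sys/param.h>   /* MAXHOSTNAMELEN */

/* Unchecked pattern from the description: relies on the resolver to keep
 * h_name shorter than the destination. Shown for contrast; never called. */
void copy_name_unchecked(char *dst, const struct hostent *he)
{
    strcpy(dst, he->h_name);
}

/* Bounded copy (hypothetical helper): writes at most dstlen bytes and always
 * NUL-terminates. Returns 1 if truncated, 0 if it fit, -1 on bad arguments. */
int copy_name_bounded(char *dst, size_t dstlen, const struct hostent *he)
{
    if (dst == NULL || dstlen == 0 || he == NULL || he->h_name == NULL)
        return -1;
    int n = snprintf(dst, dstlen, "%s", he->h_name);
    return (n < 0) ? -1 : ((size_t)n >= dstlen);
}

/* Builds a constructed hostent whose h_name is name_len bytes long and
 * returns the length that ends up in a MAXHOSTNAMELEN-sized buffer. */
size_t stored_len_for(size_t name_len)
{
    char name[1024], dst[MAXHOSTNAMELEN];
    struct hostent he;

    if (name_len >= sizeof(name))
        name_len = sizeof(name) - 1;
    memset(name, 'a', name_len);
    name[name_len] = '\0';
    memset(&he, 0, sizeof(he));
    he.h_name = name;
    if (copy_name_bounded(dst, sizeof(dst), &he) < 0)
        return 0;
    return strlen(dst);
}

int main(void)
{
    printf("10-byte name  -> %zu bytes stored\n", stored_len_for(10));
    printf("200-byte name -> %zu bytes stored\n", stored_len_for(200));
    return 0;
}
```

The return value of the bounded copy lets a caller decide whether a truncated name is acceptable or should be treated as a resolution failure.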