Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-disclosure] Remote DoS in libevent DNS parsing <= 1.2a

from [Jon Oberheide] Network Security [Permanent Link]
Subject: [Full-disclosure] Remote DoS in libevent DNS parsing <= 1.2a
Date: Sun, 18 Feb 2007 21:00:26 -0500 
Author:  Jon Oberheide <jon@oberheide.org>
Date:    Sun, February 18th, 2007


Summary
=======

Application:              libevent
Affected Versions:        1.2 - 1.2a
Vendor Website:           http://monkey.org/~provos/libevent/
Type of Vulnerability:    Denial of Service - Remote


Background
==========

The libevent API provides a mechanism to execute a callback function
when a specific event occurs on a file descriptor or after a timeout
has been reached.  Furthermore, libevent also support callbacks due
to signals or regular timeouts.

libevent is meant to replace the event loop found in event driven
network servers. An application just needs to call event_dispatch()
and then add or remove events dynamically without having to change
the event loop.  Currently, libevent supports /dev/poll, kqueue(2),
select(2), poll(2) and epoll(4).

Recently, support for non-blocking DNS resolution was added to
libevent.


Description
===========

A bug exists in the parsing of DNS responses in libevent, specifically
in the handling of label pointers.  Label pointers in DNS are meant to
cut down on redundant information and overall response size by
allowing a label to reference an arbitrary byte offset in the packet.
If a pointer references its own offset, a pointer loop is formed.
libevent's parsing code does not properly handle such pointer loops.


Impact
======

A malicious resolver, authoritative server, or inline attacker can
send a DNS reply containing a pointer loop, causing libevent's DNS
parsing to enter an endless loop, effectively DoS'ing the service.


Resolution
==========

Applications utilizing the DNS resolution functionality of libevent
should upgrade to version >= 1.3.

-- 
Jon Oberheide <jon@oberheide.org>
GnuPG Key: 1024D/F47C17FE
Fingerprint: B716 DA66 8173 6EDD 28F6  F184 5842 1C89 F47C 17FE

Attachment: signature.asc
Description: This is a digitally signed message part

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [Full-disclosure] Remote DoS in libevent DNS parsing <= 1.2a, Jon Oberheide <=
Previous by Date:  Re: [Full-disclosure] [inbox] Re: Drive-by Pharming, Exibar
Previous by Thread:  [Full-disclosure] XSS & SQL bugs in Conference website, Scarlet Pimpernel
Indexes:  [Date] [Thread] [Top] [All Lists]