Exploit the possiblities

libevent-dos.txt

libevent-dos.txt
Posted Feb 20, 2007
Authored by Jon Oberheide

A denial of service flaw exists in the parsing of DNS responses in libevent, specifically in the handling of label pointers. Versions 1.2 and 1.2a are affected.

tags | advisory, denial of service
MD5 | a21155e823885e05984c506fbe4cf71f

libevent-dos.txt

Change Mirror Download
Author:  Jon Oberheide <jon@oberheide.org>
Date: Sun, February 18th, 2007


Summary
=======

Application: libevent
Affected Versions: 1.2 - 1.2a
Vendor Website: http://monkey.org/~provos/libevent/
Type of Vulnerability: Denial of Service - Remote


Background
==========

The libevent API provides a mechanism to execute a callback function
when a specific event occurs on a file descriptor or after a timeout
has been reached. Furthermore, libevent also support callbacks due
to signals or regular timeouts.

libevent is meant to replace the event loop found in event driven
network servers. An application just needs to call event_dispatch()
and then add or remove events dynamically without having to change
the event loop. Currently, libevent supports /dev/poll, kqueue(2),
select(2), poll(2) and epoll(4).

Recently, support for non-blocking DNS resolution was added to
libevent.


Description
===========

A bug exists in the parsing of DNS responses in libevent, specifically
in the handling of label pointers. Label pointers in DNS are meant to
cut down on redundant information and overall response size by
allowing a label to reference an arbitrary byte offset in the packet.
If a pointer references its own offset, a pointer loop is formed.
libevent's parsing code does not properly handle such pointer loops.


Impact
======

A malicious resolver, authoritative server, or inline attacker can
send a DNS reply containing a pointer loop, causing libevent's DNS
parsing to enter an endless loop, effectively DoS'ing the service.


Resolution
==========

Applications utilizing the DNS resolution functionality of libevent
should upgrade to version >= 1.3.

--
Jon Oberheide <jon@oberheide.org>
GnuPG Key: 1024D/F47C17FE
Fingerprint: B716 DA66 8173 6EDD 28F6 F184 5842 1C89 F47C 17FE

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

January 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    2 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    16 Files
  • 4
    Jan 4th
    39 Files
  • 5
    Jan 5th
    26 Files
  • 6
    Jan 6th
    40 Files
  • 7
    Jan 7th
    2 Files
  • 8
    Jan 8th
    16 Files
  • 9
    Jan 9th
    25 Files
  • 10
    Jan 10th
    28 Files
  • 11
    Jan 11th
    44 Files
  • 12
    Jan 12th
    32 Files
  • 13
    Jan 13th
    2 Files
  • 14
    Jan 14th
    4 Files
  • 15
    Jan 15th
    31 Files
  • 16
    Jan 16th
    15 Files
  • 17
    Jan 17th
    16 Files
  • 18
    Jan 18th
    24 Files
  • 19
    Jan 19th
    15 Files
  • 20
    Jan 20th
    5 Files
  • 21
    Jan 21st
    1 Files
  • 22
    Jan 22nd
    15 Files
  • 23
    Jan 23rd
    15 Files
  • 24
    Jan 24th
    5 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close