10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.911 High
EPSS
Percentile
98.9%
libspf2 contains a buffer overflow vulnerability in code that parses DNS TXT records.
libspf2 is a widely-deployed implementation of the Sender Policy Framework. According to RFC 4408:
_An SPF record is a DNS Resource Record (RR) that declares which hosts are, and are not, authorized to use a domain name for the “HELO” and “MAIL FROM” identities. Loosely, the record partitions all hosts into permitted and not-permitted sets (though some hosts might fall into neither category)._libspf2 contins a buffer overflow in DNS TXT record parsing. According to Doxpara Research:
This vulnerability could allow an unauthenticated, remote attacker to execute arbitrary code on a system running libspf2.
Upgrade
Vendors and those who directly use libspf2 should upgrade to version 1.2.8.
Users that run a mail server or anti-spam products should consult their vendor for an appropriate patch.
183657
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Notified: September 18, 2008 Updated: October 30, 2008
Statement Date: October 23, 2008
Affected
The BlueCat Meridius Email Gateway Appliance is vulnerable. BlueCat has issued a security patch which can be downloaded through the Meridius user interface using the standard mechanisms.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: September 16, 2008 Updated: October 16, 2008
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: September 16, 2008 Updated: October 16, 2008
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: September 24, 2008 Updated: October 16, 2008
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: September 17, 2008 Updated: October 16, 2008
Not Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: September 16, 2008 Updated: November 07, 2008
Not Affected
The Cisco PSIRT is investigating this issue and has not found so far any Cisco product that is affected by this libspf2 vulnerability. If we determine that any of our products are vulnerable, information will be available at: <http://www.cisco.com/go/psirt/>. Please direct any questions to [email protected].
The vendor has not provided us with any further information regarding this vulnerability.
Notified: September 17, 2008 Updated: October 16, 2008
Not Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: September 16, 2008 Updated: April 30, 2009
Not Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: September 16, 2008 Updated: July 22, 2011
Not Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 18, 2008 Updated: October 23, 2008
Statement Date: October 23, 2008
Not Affected
The Mailfoundry appliance does not utilize spf technology, and thus is not affected by this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: September 16, 2008 Updated: October 16, 2008
Not Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: September 18, 2008 Updated: October 16, 2008
Not Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: September 17, 2008 Updated: October 16, 2008
Not Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: September 16, 2008 Updated: October 16, 2008
Not Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: September 19, 2008 Updated: October 16, 2008
Not Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: September 16, 2008 Updated: October 16, 2008
Not Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: September 16, 2008 Updated: October 30, 2008
Not Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: September 16, 2008 Updated: September 16, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 16, 2008 Updated: September 16, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 16, 2008 Updated: September 16, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 16, 2008 Updated: September 16, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 16, 2008 Updated: September 16, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 16, 2008 Updated: September 16, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 16, 2008 Updated: September 16, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 16, 2008 Updated: September 16, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 16, 2008 Updated: September 16, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 16, 2008 Updated: September 16, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 16, 2008 Updated: September 16, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 16, 2008 Updated: September 16, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 16, 2008 Updated: September 16, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 16, 2008 Updated: September 16, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 23, 2008 Updated: September 23, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 16, 2008 Updated: September 16, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 16, 2008 Updated: September 16, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 16, 2008 Updated: September 16, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 16, 2008 Updated: September 16, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 16, 2008 Updated: September 16, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 16, 2008 Updated: September 16, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 16, 2008 Updated: September 16, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 16, 2008 Updated: September 16, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 16, 2008 Updated: September 16, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 16, 2008 Updated: September 16, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 16, 2008 Updated: September 16, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 16, 2008 Updated: September 16, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 16, 2008 Updated: September 16, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 16, 2008 Updated: September 16, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 16, 2008 Updated: September 16, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 16, 2008 Updated: September 16, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 16, 2008 Updated: September 16, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 16, 2008 Updated: September 16, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 16, 2008 Updated: September 16, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 16, 2008 Updated: September 16, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 16, 2008 Updated: September 16, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 16, 2008 Updated: September 16, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 16, 2008 Updated: September 16, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 16, 2008 Updated: September 16, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 16, 2008 Updated: September 16, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 16, 2008 Updated: September 16, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 16, 2008 Updated: September 16, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 16, 2008 Updated: September 16, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 16, 2008 Updated: September 16, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 16, 2008 Updated: September 16, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 16, 2008 Updated: September 16, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 16, 2008 Updated: September 16, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 16, 2008 Updated: September 16, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 16, 2008 Updated: September 16, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 18, 2008 Updated: September 18, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 16, 2008 Updated: September 16, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 18, 2008 Updated: September 18, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 16, 2008 Updated: September 16, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 16, 2008 Updated: September 16, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 16, 2008 Updated: September 16, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 16, 2008 Updated: September 16, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 16, 2008 Updated: September 16, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 16, 2008 Updated: September 16, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 16, 2008 Updated: September 16, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 16, 2008 Updated: September 16, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 16, 2008 Updated: September 16, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 19, 2008 Updated: September 19, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 16, 2008 Updated: September 16, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 16, 2008 Updated: September 16, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 16, 2008 Updated: September 16, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 16, 2008 Updated: September 16, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 16, 2008 Updated: September 16, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 16, 2008 Updated: September 16, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 16, 2008 Updated: September 16, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 18, 2008 Updated: September 18, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 16, 2008 Updated: September 16, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 16, 2008 Updated: September 16, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 16, 2008 Updated: September 16, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 16, 2008 Updated: September 16, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 16, 2008 Updated: September 16, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 16, 2008 Updated: September 16, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 16, 2008 Updated: September 16, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 16, 2008 Updated: September 16, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 16, 2008 Updated: September 16, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 16, 2008 Updated: September 16, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 16, 2008 Updated: September 16, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 16, 2008 Updated: September 16, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 16, 2008 Updated: September 16, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 16, 2008 Updated: September 16, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 16, 2008 Updated: September 16, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 16, 2008 Updated: September 16, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 16, 2008 Updated: September 16, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 16, 2008 Updated: September 16, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 16, 2008 Updated: September 16, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 16, 2008 Updated: September 16, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 16, 2008 Updated: September 16, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 16, 2008 Updated: September 16, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 16, 2008 Updated: September 16, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
View all 110 vendors __View less vendors __
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
This issue was reported by Dan Kaminsky of Doxpara Research.
This document was written by Chris Taschner.
CVE IDs: | CVE-2008-2469 |
---|---|
Severity Metric: | 9.00 Date Public: |