Summary: Local hostname resolution buffer overflow
Date: 2004-08-26
CVE Number: CVE-2004-0785
Discovered By: Sean (infamous42md)
Fixed In Release: 0.82


This is a buffer overflow. If the local computer's host name is not in /etc/hosts and the computer performs a DNS query to obtain its hostname when signing on to Zephyr, it could receive a reply containing a hostname longer than MAXHOSTNAMELEN (generally 64 bytes). If gethostbyname() does not ensure that hostent->h_name is shorter than MAXHOSTNAMELEN, that value would be copied into a buffer that is not large enough to hold it.


The calls to copy the hostname were replaced with calls that check the length of the destination buffer.
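
The difference between an unchecked and a length-checked hostname copy, as an added example that is not the project's own code. The function names, the strcpy/snprintf choice and the sample hostent are assumptions made for illustration.

```c
#include <netdb.h>
#include <stdio.h>
#include <string.h>

#ifndef MAXHOSTNAMELEN
#define MAXHOSTNAMELEN 64 /* assumed here; the advisory's "generally 64 bytes" */
#endif

/* Illustrative unchecked copy (hypothetical): assumes h_name fits in dst. */
void copy_hostname_unchecked(char *dst, const struct hostent *he)
{
    strcpy(dst, he->h_name); /* writes past dst when h_name is too long */
}

/* Length-checked copy. Returns 0 on success, -1 if the name did not fit
 * or an argument was unusable; dst is NUL-terminated whenever dstlen > 0. */
int copy_hostname_checked(char *dst, size_t dstlen, const struct hostent *he)
{
    int n;
    if (dst == NULL || dstlen == 0)
        return -1;
    dst[0] = '\0';
    if (he == NULL || he->h_name == NULL)
        return -1;
    n = snprintf(dst, dstlen, "%s", he->h_name);
    return (n < 0 || (size_t)n >= dstlen) ? -1 : 0;
}

/* Constructed stand-in for a resolver reply with an oversized h_name.
 * Returns 1 if the checked copy rejected it and stayed inside buf. */
int demo_oversized_reply(void)
{
    char longname[MAXHOSTNAMELEN * 2];
    char buf[MAXHOSTNAMELEN];
    struct hostent he;
    memset(longname, 'a', sizeof(longname) - 1);
    longname[sizeof(longname) - 1] = '\0';
    memset(&he, 0, sizeof(he));
    he.h_name = longname;
    if (copy_hostname_checked(buf, sizeof(buf), &he) != -1)
        return 0;
    return strlen(buf) == sizeof(buf) - 1;
}

int main(void)
{
    printf("oversized name rejected: %d\n", demo_oversized_reply());
    return 0;
}
```

Treating truncation as an error, rather than silently using the shortened name, lets the caller decide whether a partial hostname is acceptable.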
