DSA-1659 libspf2 -- buffer overflow
ID: oval:org.mitre.oval:def:7802 | Date: (C)2009-12-15 (M)2021-06-02 |
Class: PATCH | Family: unix |
Dan Kaminsky discovered that libspf2, an implementation of the Sender Policy Framework (SPF) used by mail servers for mail filtering, handles malformed TXT records incorrectly, leading to a buffer overflow condition (CVE-2008-2469). Note that the SPF configuration template in Debian's Exim configuration recommends using libmail-spf-query-perl, which does not suffer from this issue.