The BSD libc library was updated recently to address a buffer overflow vulnerability that could have allowed an attacker to execute arbitrary code.
The library is part of the POSIX library, which is used in BSD operating systems such as FreeBSD, NetBSD, and OpenBSD. The libc library is also used in Apple’s OS X operating system.
According to Garret Wassermann, a vulnerability analyst at Carnegie Mellon’s Software Engineering Institute CERT/CC who disclosed the vulnerability yesterday, only a handful of implementations that use the library have publicly applied the fix.
The issue stems from a problem with the obuf variable in the link_ntoa() function in linkaddr.c. Because of improper bounds checking, an attacker could have been able to read from or write to memory.
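
The kind of bounds check the article says was missing, shown as an added example (this is not the libc source or its patch): a simplified formatter that writes an interface name and link-layer address into a fixed-size buffer and refuses input that would not fit. The function name format_lladdr, the 64-byte OBUF_SIZE, the output layout and the sample address are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define OBUF_SIZE 64 /* constructed size for this example */

/*
 * Hypothetical helper (not libc code): write "name:aa.bb.cc" into
 * out[outlen]. Returns the string length, or -1 when the result,
 * including the terminating NUL, would not fit. All lengths are
 * validated before the first payload byte is written.
 */
int format_lladdr(const char *name, size_t nlen,
                  const unsigned char *addr, size_t alen,
                  char *out, size_t outlen)
{
    static const char hex[] = "0123456789abcdef";
    size_t pos, i;

    if (out == NULL || outlen == 0)
        return -1;
    out[0] = '\0'; /* callers always get a terminated string */
    /* Reject early so the size arithmetic below cannot wrap around. */
    if (nlen >= outlen || alen > outlen / 3)
        return -1;
    /* name, ':' separator, "xx" per byte with '.' between bytes, NUL */
    if (nlen + (nlen && alen ? 1 : 0) + (alen ? alen * 3 - 1 : 0) + 1 > outlen)
        return -1;
    if (nlen)
        memcpy(out, name, nlen);
    pos = nlen;
    if (nlen && alen)
        out[pos++] = ':';
    for (i = 0; i < alen; i++) {
        if (i)
            out[pos++] = '.';
        out[pos++] = hex[addr[i] >> 4];
        out[pos++] = hex[addr[i] & 0x0f];
    }
    out[pos] = '\0';
    return (int)pos;
}

int main(void)
{
    char obuf[OBUF_SIZE];
    const unsigned char mac[6] = {0x00, 0x1b, 0x21, 0xaa, 0xbb, 0xcc}; /* constructed */
    format_lladdr("em0", 3, mac, sizeof mac, obuf, sizeof obuf);
    puts(obuf);
    return 0;
}
```

A formatter that appends bytes in a loop without comparing the write position against the buffer size would run past the end of the buffer on the oversized inputs this version rejects.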