# Title : LibSPF2 < 1.2.8 DNS TXT Record Parsing Bug Heap Overflow PoC
# Published : 2008-10-22
# Author : Dan Kaminsky
Advisory: DNS TXT Record Parsing Bug in LibSPF2
Author: Dan Kaminsky, Director of Penetration Testing, IOActive Inc,
Dan.Kaminsky@ioactive.com (PGP Key In Appendix)
Abstract:
A relatively common bug parsing TXT records delivered over DNS, dating
at least back to 2002 in Sendmail 8.2.0 and almost certainly much
earlier, has been found in LibSPF2, a library frequently used to
retrieve SPF (Sender Policy Framework) records and apply policy
according to those records. This implementation flaw allows for
relatively flexible memory corruption, and should thus be treated as a
path to anonymous remote code execution. Of particular note is that the
remote code execution would occur on servers specifically designed to
receive E-Mail from the Internet, and that these systems may in fact be
high volume mail exchangers. This creates privacy implications. It is
also the case that a corrupted email server is a useful a
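The TXT-record parsing flaw the abstract refers to, as an added example that is not LibSPF2's code: a bounds-checked parser for DNS TXT RDATA (RFC 1035 section 3.3.14 character-strings), assuming the bug class is a parser that trusts each chunk's length byte without checking it against the bytes actually remaining in RDATA. The sample records are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not library code. Assumption: the bug class is a TXT
 * parser that copies <length byte> bytes per chunk without first checking
 * that many bytes remain in RDATA, so a hostile length byte drives the
 * copy past the end of a heap buffer sized from RDLENGTH.
 *
 * Flattens the TXT strings into one NUL-terminated C string, the form in
 * which an SPF "v=spf1 ..." policy is usually consumed. Returns the
 * number of bytes written (excluding NUL), or -1 if RDATA is malformed
 * or the output buffer is too small. */
int txt_rdata_to_string(const uint8_t *rdata, size_t rdlength,
                        char *out, size_t outsz)
{
    size_t pos = 0, outlen = 0;

    if (out == NULL || outsz == 0)
        return -1;

    while (pos < rdlength) {
        size_t len = rdata[pos++];          /* length byte of this chunk */

        /* The check the vulnerable pattern lacks: the chunk must fit in
         * the RDATA that remains, not merely in what the byte claims. */
        if (len > rdlength - pos)
            return -1;

        /* Bound the copy by the caller's buffer, keeping room for NUL. */
        if (len > outsz - 1 - outlen)
            return -1;

        memcpy(out + outlen, rdata + pos, len);
        outlen += len;
        pos += len;
    }
    out[outlen] = '\0';
    return (int)outlen;
}

/* Constructed RDATA for the record:  TXT "v=spf1 " "-all" */
static const uint8_t good_rdata[] = {
    7, 'v', '=', 's', 'p', 'f', '1', ' ',
    4, '-', 'a', 'l', 'l'
};

/* Constructed malformed RDATA: the length byte claims 200 bytes but only
 * 3 bytes follow; a trusting parser would copy far past the record. */
static const uint8_t bad_rdata[] = { 200, 'v', '=', 's' };

int main(void)
{
    char buf[64];
    int n = txt_rdata_to_string(good_rdata, sizeof good_rdata, buf, sizeof buf);
    printf("good: %d \"%s\"\n", n, n < 0 ? "" : buf);   /* 11 "v=spf1 -all" */
    n = txt_rdata_to_string(bad_rdata, sizeof bad_rdata, buf, sizeof buf);
    printf("bad: %d\n", n);                              /* -1 */
    return 0;
}
```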