Info

Disclosure

Oct 04, 2004

Discovery

Unknown

Dates

Exploit

Oct 04, 2004

Solution

Unknown

Description

A local overflow exists in spider. Spider fails to properly perfom bounds checking on the "read_file()" function in "movelog.c" resulting in a local overflow. With a specially crafted request, an attacker can cause a buffer overflow resulting in a loss of confidentiality and/or integrity.

Classification

Location: Local Access Required
Attack Type: Input Manipulation
Impact: Loss of Confidentiality, Loss of Integrity
Exploit: Exploit Available
Disclosure: OSVDB Verified
OSVDB: Concern

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, the Emuadmin security team has released a patch to address this vulnerability.

Products

Dale Scheetz

Spider

1.1

References

Security Tracker: 1011510
Secunia Advisory ID: 12716
ISS X-Force ID: 17573
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-10/0021.html
http://archives.neohapsis.com/archives/bugtraq/2004-10/0029.html
Other Advisory URL: http://www.emuadmin.com/advisories/spider-1.1-10032004
Other Solution URL: http://www.emuadmin.com/contrib/software/spider/spider-1.1.patch

Credit

emuadmin Security Team - securityemuadmin.com - emuadmin

Direct URL: http://osvdb.org/36218