Info

Disclosure

Nov 24, 2004

Discovery

Unknown

Dates

Exploit

Nov 24, 2004

Solution

Unknown

Description

A remote overflow exists in Open DC Hub. The product fails to properly check the size of a passed argument to the RedirectAll command resulting in a buffer overflow. With a specially crafted request, an attacker can execute code on the affected system.

Classification

Location: Remote/Network Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Available
Disclosure: OSVDB Verified

Solution

Upgrade to version 0.7.14-r2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds. Gentoo Linux has provided an updated package for its users. Instructions for installing this package are contained in the referenced Gentoo advisory.

Products

Open DC Hub

0.7.14

References

Security Tracker: 1012323
Bugtraq ID: 11747
Secunia Advisory ID: 13325 13326
ISS X-Force ID: 18254
CVE ID: 2004-1127 (see also: NVD)
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-11/1115.html
Vendor URL: http://opendchub.sourceforge.net/
Other Advisory URL: http://security.gentoo.org/glsa/glsa-200411-37.xml
http://www.autistici.org/fdonato/advisory/OpenDcHub0.7.14-adv.txt

Credit

Donato Ferrante - fdonatoautistici.org - Personal Page

Direct URL: http://osvdb.org/36218