Info

Disclosure

Dec 15, 2004

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

A remote overflow exists in Yanf. The 'get()' function fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted request, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.

Classification

Location: Remote/Network Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Unknown
Disclosure: OSVDB Verified
OSVDB: Web Related

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

Gastón Kleiman

Yanf

0.4

References

Security Tracker: 1012557
Bugtraq ID: 11975
Secunia Advisory ID: 13555
ISS X-Force ID: 18615
CVE ID: 2004-1303 (see also: NVD)
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-12/0195.html
Other Advisory URL: http://tigger.uic.edu/~jlongs2/holes/yanf.txt
Vendor URL: http://yanf.sourceforge.net/

Credit

Ariel Berkman -

Direct URL: http://osvdb.org/36218