Info

Disclosure

Dec 20, 2004

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

A remote overflow exists in htget. The application fails to properly check boundaries in htget.c resulting in a buffer overflow. With an overly long URL request, a remote attacker could cause arbitrary code execution resulting in a loss of integrity.

Classification

Location: Remote/Network Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Unknown
Disclosure: OSVDB Verified
OSVDB: Web Related

Solution

Upgrade to version 0.94 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Jack Whitham

htget

0.93

References

Security Tracker: 1012627
Secunia Advisory ID: 13579
CVE ID: 2004-0852 (see also: NVD)
Other Advisory URL: http://www.debian.org/security/2004/dsa-611
Vendor URL: http://www.jwhitham.org.uk/op/htget/

Credit

infamous41md - infamous41mdhotpop.com -

Direct URL: http://osvdb.org/36218