Info

Disclosure

Feb 08, 2005

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Emdros contains a flaw that may allow a local denial of service. The issue is triggered due to certain memory leaks within the MQL parser. By issuing a specially crafted request, a malicious user could cause the application to consume all available memory resulting in a loss of availability.

Classification

Location: Local Access Required
Attack Type: Denial of Service
Impact: Loss of Availability
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

Upgrade to version 1.2.22 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Ulrik Petersen

Emdros

1.1.21

References

Bugtraq ID: 12498
Related OSVDB ID: 13651
Secunia Advisory ID: 14204
ISS X-Force ID: 19273
CVE ID: 2005-0415 (see also: NVD)
Vendor URL: http://emdros.org/
Vendor Specific Solution URL: http://sourceforge.net/project/showfiles.php?group_id=37219
Vendor Specific News/Changelog Entry: http://sourceforge.net/project/shownotes.php?release_id=303465
Vendor Specific Advisory URL: http://sourceforge.net/tracker/index.php?func=detail&aid=1116935&group_id=37219&a ......

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/36218