Info

Disclosure

Feb 25, 2005

Discovery

Dec 01, 2004

Dates

Exploit

Feb 26, 2005

Solution

Mar 26, 2007

Description

A REMOTE overflow exists in BadBlue http Server. The BadBlue http Server fails to validate the mfcisapicommand parameter resulting in a buffer overflow. With a specially crafted request, an attacker can cause the execution of arbitrary code resulting in a loss of integrity.

Classification

Location: Remote/Network Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Upgrade
Exploit: Exploit Available
Disclosure: Vendor Verified

Solution

Upgrade to version 2.60 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

BadBlue	BadBlue Enterprise Edition	2.x
BadBlue	BadBlue Personal Edition	2.x

References

Security Tracker: 1013308
Secunia Advisory ID: 14405
CVE ID: 2005-0595 (see also: NVD)
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-02/0599.html
http://archives.neohapsis.com/archives/fulldisclosure/2005-02/0611.html
http://archives.neohapsis.com/archives/fulldisclosure/2005-02/0612.html
Vendor URL: http://www.badblue.com

Credit

Andres Tarasco - SIA Group

Direct URL: http://osvdb.org/36218

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

BadBlue

BadBlue Enterprise Edition

BadBlue Personal Edition

References

Credit