Info

Disclosure

Dec 02, 2001

Discovery

Unknown

Dates

Exploit

Dec 02, 2001

Solution

Unknown

Description

A local overflow exists in SETI@home. The application fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted request containing an overly long string to the 'socks_server', 'socks_user' and/or 'socks_passwd' command line options, a malicious user can cause arbitrary code execution resulting in a loss of integrity.

Classification

Location: Local Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Available

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

University of California

SETI@home

3.03

References

Security Tracker: 1002920
CVE ID: 2001-1553 (see also: NVD)
Mail List Post: http://archives.neohapsis.com/archives/vuln-dev/2001-q4/0662.html
Vendor URL: http://setiathome.ssl.berkeley.edu/

Credit

Joe Testa - joetestahushmail.com - Personal page

Direct URL: http://osvdb.org/36218