Info

Disclosure

Nov 11, 2003

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

A remote overflow exists in DailyDose 1.1. The dose.pl script fails to validate the contents of the $temp variable resulting in a buffer overflow. With a specially crafted request, an attacker can cause remote command execution resulting in code executed in the context of the web server.

Classification

Attack Type: Input Manipulation

Solution

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s): Edit the source code to ensure that input is properly verified or hardcode the data file names.

Products

Online Arts

DailyDose

1.1

References

Secunia Advisory ID: 10181
ISS X-Force ID: 13648
Bugtraq ID: 9000
Vendor URL: http://www.onlinearts.net/freeware/PERL/DailyDose/
Generic Exploit URL: http://www.securityfocus.com/archive/1/344032

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/36218