|
|
Info |
Last Modified |
| 6 months ago |
|
|
|
|
Description |
A local overflow exists in dc20ctrl, a FreeBSD port. The program fails to validate input, resulting in a buffer overflow. With a specially crafted request, an attacker can obtain the privileges of setgid dialer resulting in a loss of integrity.
|
|
Classification |
Location:
Local Access Required
Attack Type:
Input Manipulation
Impact:
Loss of Integrity
Exploit:
Exploit Available
Disclosure:
OSVDB Verified
|
|
Solution |
Upgrade to dc20ctrl version 0.4_1 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workarounds: (1) upgrade your entire ports collection and rebuild the dc20ctrl port, (2) deinstall the old package and install a new package dated after the correction date, (3) download a new port skeleton and rebuild the port and (4) use the portcheckout utility to automate aforementioned option (3).
|
|
Products |
|
FreeBSD
 |
3.5.1 |
4.2 |
|
dc20ctrl
|
0.0 |
0.1 |
0.2 |
0.3 |
0.4 |
|
|
|
|
Credit |
Unknown or Incomplete
|
|
BlogsProvided by Technorati
|
None found at this time
|
|
|
