Info

Disclosure

Nov 01, 2002

Discovery

Oct 31, 2002

Dates

Exploit

Nov 01, 2002

Solution

Unknown

Description

A local overflow exists in Abuse. The -net command-line argument fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted request to the -net command line option, a malicious user can cause arbitrary code execution resulting in a loss of integrity.

Classification

Location: Local Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Public

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

Jonathan Clark

Abuse

2.00

References

ISS X-Force ID: 10519
CVE ID: 2002-1250 (see also: NVD)
Bugtraq ID: 6094
Vendor URL: http://jonathanclark.com/
Other Advisory URL: http://www.idefense.com/application/poi/display?id=43&type=vulnerabilities&flashstatus=false

Credit

Texonet - Texonet

Direct URL: http://osvdb.org/8864