Winny contains a buffer overflow

Overview

Winny contains a buffer overflow. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.

Description

Winny (also referred to as WinNY) is a popular Japanese peer-to-peer file sharing application. A flaw exists in this program due to an unbounded strcpy() of remotely-supplied user input during the handling of certain commands provided by the file transfer feature. This flaw results in a heap-based buffer overflow vulnerability due to the lack of validation on the size of user input. A remote attacker may be able exploit this vulnerability by sending a specially crafted message to a vulnerable Winny installation.

---

Impact

A remote unauthenticated attacker may be able to execute arbitrary code on a system running the vulnerable software. The attacker-supplied code would be executed in the context of the user running Winny.

---

Solution

The CERT/CC is currently unaware of a practical solution to this problem.

---

Workarounds

Discontinue use of the product
Due to extenuating circumstances, the author is unable to provide patches for this issue. Users concerned with security should consider discontinuing use of the product.

---

Vendor Information

Javascript is disabled. Click here to view vendors.

CVSS Metrics

Group	Score	Vector
Base	0	AV:–/AC:–/Au:–/C:–/I:–/A:–
Temporal	0	E:ND/RL:ND/RC:ND
Environmental	0	CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND

References

• <http://www.eeye.com/html/research/advisories/AD20060421.html&gt;
• <http://jvn.jp/jp/JVN%2374294680/index.html&gt;
• <http://secunia.com/advisories/19795/&gt;
• <http://www.securityfocus.com/bid/17666&gt;

Acknowledgements

Thanks to JPCERT/CC for reporting this vulnerability. Discovery and research of this vulnerability was performed by eEye Digital Security.

This document was written by Chad R Dougherty.

Other Information

CVE IDs:	CVE-2006-2007
Severity Metric:	3.42 Date Public: