Mtp-Target Server 1.2.2 Memory Corruption Vulnerability

2005-05-02T00:00:00
ID EDB-ID:25584
Type exploitdb
Reporter Luigi Auriemma
Modified 2005-05-02T00:00:00

Description

Mtp-Target Server 1.2.2 Memory Corruption Vulnerability. CVE-2005-1402. Dos exploits for multiple platform

                                        
                                            source: http://www.securityfocus.com/bid/13463/info

The Mtp-Target server is prone to a memory corruption vulnerability. The issue exists because a comparison fails to ensure that an integer value parameter retrieved from a client is signed. A check is made to ensure that the user-supplied value is less than 1000000 bytes. If the value passed is FFFFFFFFh, it is interpreted as a signed -1 and the check passes. The value is later used as an unsigned integer in a memory allocation operation. An allocation of 4.29 GB of data is attempted and the service crashes.

Immediate consequences of exploitation of this vulnerability are a denial of service. 

https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/25584.zip