Mtp-Target Server 1.2.2 Memory Corruption Vulnerability

ID EDB-ID:25584
Type exploitdb
Reporter Luigi Auriemma
Modified 2005-05-02T00:00:00


Mtp-Target Server 1.2.2 Memory Corruption Vulnerability. CVE-2005-1402. Dos exploits for multiple platform


The Mtp-Target server is prone to a memory corruption vulnerability. The issue exists because a comparison fails to ensure that an integer value parameter retrieved from a client is signed. A check is made to ensure that the user-supplied value is less than 1000000 bytes. If the value passed is FFFFFFFFh, it is interpreted as a signed -1 and the check passes. The value is later used as an unsigned integer in a memory allocation operation. An allocation of 4.29 GB of data is attempted and the service crashes.

Immediate consequences of exploitation of this vulnerability are a denial of service.