Pigeon Server Login Field Overflow DoS

2004-09-16T00:00:00
ID OSVDB:10008
Type osvdb
Reporter Luigi Auriemma (aluigi@altervista.org)
Modified 2004-09-16T00:00:00

Description

Vulnerability Description

Pigeon Server contains a flaw that may allow a remote denial of service. The issue is triggered when a login field longer than 8180 characters is sent, and results in loss of availability for the service.

Solution Description

Upgrade to version 3.03.146 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Security Tracker: 1011333
Secunia Advisory ID: 12585
Other Advisory URL: http://aluigi.altervista.org/adv/pigeonx-adv.txt
Generic Exploit URL: http://aluigi.altervista.org/poc/pigeonx.zip
CVE-2004-1688