Trillian IRC Component PRIVMSG Command Overflow

2002-09-19T22:40:30
ID OSVDB:10795
Type osvdb
Reporter Lance Fitz-Herbert(fitzies@hotmail.com)
Modified 2002-09-19T22:40:30

Description

Vulnerability Description

A remote overflow exists in Trillian. Trillian fails to validate the length of the "Sender" variable in the Privmsg command resulting in a buffer overflow. With a specially crafted request, an attacker can cause a denial of service or the execution of arbitrary code resulting in a loss of integrity, and/or availability.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

A remote overflow exists in Trillian. Trillian fails to validate the length of the "Sender" variable in the Privmsg command resulting in a buffer overflow. With a specially crafted request, an attacker can cause a denial of service or the execution of arbitrary code resulting in a loss of integrity, and/or availability.

Manual Testing Notes

The exploit occurs when the "Sender" variable is larger than 206 bytes.

References:

Vendor URL: http://ceruleanstudios.com/ Mail List Post: http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0140.html ISS X-Force ID: 10143 Generic Exploit URL: http://packetstormsecurity.org/0209-exploits/Trillian-Privmsg.c CVE-2002-1486 Bugtraq ID: 5755