samhain sh_hash_compdata() Function Local Overflow

2004-11-08T00:00:00
ID OSVDB:11525
Type osvdb
Reporter OSVDB
Modified 2004-11-08T00:00:00

Description

Vulnerability Description

A local overflow exists in samhain. The sh_hash_compdata() function fails to perform proper bounds checking, resulting in a buffer overflow. With a specially crafted request, a malicious user can cause arbitrary code execution, resulting in a loss of integrity. No further details have been provided.

Technical Description

The flaw is only exploitable if the application is running in 'update' mode and if the user controls a directory checked by the application.

Solution Description

Upgrade to version 2.0.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor URL: http://la-samhna.de/samhain/
Security Tracker: 1012142
Secunia Advisory ID: 13130
Related OSVDB ID: 11594
ISS X-Force ID: 18000
CVE-2004-2409
Bugtraq ID: 11635