samhain sh_hash_compdata() Function NULL Pointer Dereference DoS

2004-11-08T00:00:00
ID OSVDB:11594
Type osvdb
Reporter OSVDB
Modified 2004-11-08T00:00:00

Description

Vulnerability Description

samhain contains a flaw that may allow a local denial of service. The problem is that the sh_hash_compdata() function fails to perform proper bounds checking resulting in a possible NULL-pointer being referenced, which may allow a malicious user to crash the application. No further details have been provided.

Solution Description

Upgrade to version 2.0.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

samhain contains a flaw that may allow a local denial of service. The problem is that the sh_hash_compdata() function fails to perform proper bounds checking resulting in a possible NULL-pointer being referenced, which may allow a malicious user to crash the application. No further details have been provided.

References:

Vendor URL: http://la-samhna.de/samhain/ Security Tracker: 1012142 Secunia Advisory ID:13130 Related OSVDB ID: 11525 CVE-2004-2410