Timbuktu for Mac OS X Connection Saturation Overflow DoS

2004-11-19T12:08:06
ID OSVDB:11934
Type osvdb
Reporter Stephen de Vries (stephen@corsaire.com)
Modified 2004-11-19T12:08:06

Description

Vulnerability Description

Timbuktu contains a flaw that may allow a remote denial of service. The issue is triggered when a remote attacker makes a number of concurrent connections to TCP port 407 and repeatedly sends a particular string of data, which will overwrite a memory buffer and crash the server process, resulting in a loss of availability.

Solution Description

Upgrade to version 7.0.4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Security Tracker: 1012268
Secunia Advisory ID: 13250
Other Advisory URL: http://www.uniras.gov.uk/vuls/2004/190204/index.htm
Other Advisory URL: http://www.corsaire.com/advisories/c040720-001.txt
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-11/0784.html
Keyword: TCP port 407
ISS X-Force ID: 18172
CVE-2004-0810
Bugtraq ID: 11714