Open DC Hub RedirectAll Value Overflow

2004-11-24T02:53:12
ID OSVDB:12137
Type osvdb
Reporter Donato Ferrante(fdonato@autistici.org)
Modified 2004-11-24T02:53:12

Description

Vulnerability Description

A remote overflow exists in Open DC Hub. The product fails to properly check the size of a passed argument to the RedirectAll command resulting in a buffer overflow. With a specially crafted request, an attacker can execute code on the affected system.

Technical Description

In order to execute the RedirectAll command and thus, exploit this vulnerability the attacker must be logged in as an administrator. When the command is executed the passed string is copied into a buffer that is not properly sanitized and a classical overflow occurs.

Solution Description

Upgrade to version 0.7.14-r2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Gentoo Linux has provided an updated package for its users. Instructions for installing this package are contained in the referenced Gentoo advisory.

Short Description

A remote overflow exists in Open DC Hub. The product fails to properly check the size of a passed argument to the RedirectAll command resulting in a buffer overflow. With a specially crafted request, an attacker can execute code on the affected system.

References:

Vendor URL: http://opendchub.sourceforge.net/ Security Tracker: 1012323 Secunia Advisory ID:13326 Secunia Advisory ID:13325 Other Advisory URL: http://www.autistici.org/fdonato/advisory/OpenDcHub0.7.14-adv.txt Other Advisory URL: http://security.gentoo.org/glsa/glsa-200411-37.xml Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-11/1115.html ISS X-Force ID: 18254 CVE-2004-1127 Bugtraq ID: 11747