GLD server.c Remote Overflow

2005-04-12T02:38:52
ID OSVDB:15492
Type osvdb
Reporter dong-houn yoU(xploit@hackermail.com)
Modified 2005-04-12T02:38:52

Description

Vulnerability Description

A remote overflow exists in GLD. GLD fails to properly check boundaries in server.c functions resulting in a buffer overflow. With a specially crafted request, an attacker can cause execute arbitrary code resulting in a loss of integrity.

Solution Description

Upgrade to version 1.5 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

A remote overflow exists in GLD. GLD fails to properly check boundaries in server.c functions resulting in a buffer overflow. With a specially crafted request, an attacker can cause execute arbitrary code resulting in a loss of integrity.

References:

Vendor URL: http://www.gasmi.net/gld.html Security Tracker: 1013678 Secunia Advisory ID:14941 Secunia Advisory ID:14951 Related OSVDB ID: 15493 Other Advisory URL: http://security.gentoo.org/glsa/glsa-200504-10.xml Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-04/0174.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-04/0169.html Keyword: INetCop Security Advisory #2005-0x82-026 Keyword: TCP port 2525 Keyword: GreyList Daemon CVE-2005-1099