Pound add_port() Function Remote Overflow

2005-04-26T10:14:51
ID OSVDB:15963
Type osvdb
Reporter Steven Van Acker (deepstar@ulyssis.org)
Modified 2005-04-26T10:14:51

Description

Vulnerability Description

A remote overflow exists in Pound. The add_port() function fails to perform proper bounds checking, resulting in a buffer overflow. With a specially crafted request, a remote attacker can crash the application, resulting in a loss of availability.

Solution Description

Upgrade to version 1.8.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor URL: http://www.apsis.ch/pound/
Vendor Specific Advisory URL
Security Tracker: 1013824
Secunia Advisory ID: 15142
Secunia Advisory ID: 15202
Secunia Advisory ID: 15679
Other Advisory URL: http://security.gentoo.org/glsa/glsa-200504-29.xml
Other Advisory URL: http://lists.suse.com/archive/suse-security-announce/2005-Jun/0004.html
ISS X-Force ID: 20316
CVE-2005-1391
Bugtraq ID: 13436