Analog ALIAS Command Overflow

2001-02-13T00:00:00
ID OSVDB:1762
Type osvdb
Reporter OSVDB
Modified 2001-02-13T00:00:00

Description

Vulnerability Description

Analog contains a flaw that allows a local or remote user (depending on configuration) to gain administrative privileges. The issue is due to a buffer overflow in the ALIAS command. With a specially crafted request, an attacker can gain admin privileges resulting in a loss of integrity.

Solution Description

Upgrade to version 4.16 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

Analog contains a flaw that allows a local or remote user (depending on configuration) to gain administrative privileges. The issue is due to a buffer overflow in the ALIAS command. With a specially crafted request, an attacker can gain admin privileges resulting in a loss of integrity.

References:

Vendor Specific Advisory URL Vendor Specific Advisory URL RedHat RHSA: RHSA-2001:017 ISS X-Force ID: 6105 CVE-2001-0301 Bugtraq ID: 2377