GO-Global for Windows _USERSA_ Remote Overflow

2005-11-02T04:46:22
ID OSVDB:20464
Type osvdb
Reporter Luigi Auriemma(aluigi@autistici.org)
Modified 2005-11-02T04:46:22

Description

Vulnerability Description

A remote overflow exists in GO-Global. The server and clients fail to validate the USERSA fields resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.

Solution Description

Upgrade to version 3.1.0.3281 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

A remote overflow exists in GO-Global. The server and clients fail to validate the USERSA fields resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.

References:

Vendor URL: http://www.graphon.com/products/GO-GlobalforWindows.shtml Secunia Advisory ID:17424 Packet Storm: http://packetstormsecurity.org/0511-advisories/ggwbof.txt Other Advisory URL: http://aluigi.altervista.org/adv/ggwbof-adv.txt Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0069.html FrSIRT Advisory: ADV-2005-2290 CVE-2005-3483 Bugtraq ID: 15285