Amaya textarea rows Attribute Value Overflow

2006-04-12T09:02:36
ID OSVDB:24623
Type osvdb
Reporter Thomas Waldegger(bugtraq@morph3us.org)
Modified 2006-04-12T09:02:36

Description

Vulnerability Description

A remote overflow exists in Amaya. The product fails to filter hostile input associated with the 'textarea rows' html attribute resulting in a stack overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.

Solution Description

Upgrade to version 9.5 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

A remote overflow exists in Amaya. The product fails to filter hostile input associated with the 'textarea rows' html attribute resulting in a stack overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.

References:

Vendor URL: http://www.w3.org/Amaya/ Secunia Advisory ID:19670 Related OSVDB ID: 24624 Other Advisory URL: http://morph3us.org/advisories/20060412-amaya-94-2.txt Other Advisory URL: http://morph3us.org/advisories/20060412-amaya-94.txt Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-04/0245.html Keyword: BuHa Security-Advisory #10 ISS X-Force ID: 25791 FrSIRT Advisory: ADV-2006-1351 CVE-2006-1900 Bugtraq ID: 17507