Ebola AV Daemon Authentication Overflow

2003-12-04T07:10:49
ID OSVDB:2905
Type osvdb
Reporter OSVDB
Modified 2003-12-04T07:10:49

Description

Vulnerability Description

Ebola Anti-Virus 0.1.4 contains a remotely exploitable buffer overflow in the authentication sequence. The handle_PASS() function in ebola.c does not perform proper bounds checking. With a specially crafted request, an attacker can cause a buffer overflow, resulting in a loss of confidentiality, integrity, and/or availability.

Solution Description

Upgrade to version 0.1.5 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor URL: http://www.pldaniels.com/ebola/
Vendor Specific Advisory URL
Secunia Advisory ID: 10374