Mathopd prepare_reply Function Remote Overflow

2003-12-04T06:01:48
ID OSVDB:2923
Type osvdb
Reporter OSVDB
Modified 2003-12-04T06:01:48

Description

Vulnerability Description

Mathopd contains a flaw which may allow a remote attacker to cause a Denial of Service or execute arbitrary code. The flaw can be found in the "prepare_reply()" function in "request.c" which isn't properly checked.

Solution Description

Upgrade to version 1.4p2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

Mathopd contains a flaw which may allow a remote attacker to cause a Denial of Service or execute arbitrary code. The flaw can be found in the "prepare_reply()" function in "request.c" which isn't properly checked.

References:

Vendor Specific Solution URL: http://www.mathopd.org/download.html Secunia Advisory ID:10385 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2003-12/0076.html ISS X-Force ID: 15474 Generic Informational URL: http://www.mathopd.org/ CVE-2003-1228 Bugtraq ID: 9871