iodine Client handshake() Function Overflow

2006-11-08T04:33:56
ID OSVDB:30182
Type osvdb
Reporter poplix()
Modified 2006-11-08T04:33:56

Description

Vulnerability Description

A remote overflow exists in the Iodine client. The client's 'handshake()' function fails to properly handle handshake data received from Iodine servers, resulting in a stack-based buffer overflow. With a specially crafted request, an attacker can execute arbitrary code, resulting in a loss of integrity.

Solution Description

Upgrade to version 0.3.4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor URL: http://code.kryo.se/iodine/
Vendor Specific News/Changelog Entry: http://code.kryo.se/iodine/CHANGELOG.txt
Security Tracker: 1017155
Secunia Advisory ID: 22674
Mail List Post: http://attrition.org/pipermail/vim/2006-November/001110.html
Mail List Post: http://attrition.org/pipermail/vim/2006-November/001121.html
FrSIRT Advisory: ADV-2006-4333
CVE-2006-5781
Bugtraq ID: 20883