Indent File Parsing Overflow

2003-12-26T09:18:01
ID OSVDB:3224
Type osvdb
Reporter OSVDB
Modified 2003-12-26T09:18:01

Description

Vulnerability Description

A local overflow exists in Indent. The handle_token_colon() function fails to perform bounds checking, resulting in a heap overflow. With a specially crafted .c file, an attacker can cause a buffer overflow and execute arbitrary code in the context of the user, resulting in a loss of confidentiality, integrity, and/or availability.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

References:

Secunia Advisory ID: 10499
Other Advisory URL: http://marc.theaimsgroup.com/?l=full-disclosure&m=107244902909280&w=2
Other Advisory URL: http://archives.neohapsis.com/archives/fulldisclosure/2003-q4/3799.html
ISS X-Force ID: 14091
Bugtraq ID: 9297