Emil Error String Overflow

2004-03-25T08:21:51
ID OSVDB:4562
Type osvdb
Reporter Ulf Härnhammar
Modified 2004-03-25T08:21:51

Description

Vulnerability Description

A remote overflow exists in Emil. Emil fails to construct error messages properly, resulting in a string overflow. With a specially crafted request, an attacker can cause Emil to print error messages, resulting in a loss of confidentiality and integrity.

Solution Description

Upgrade to version 2.1.0-beta9-11woody1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Secunia Advisory ID: 11211
Related OSVDB ID: 4561
Other Advisory URL: http://www.debian.org/security/2004/dsa-468
Keyword: Debian
CVE-2004-0153