Xtell Long AUTH String Overflow

2002-02-27T00:00:00
ID OSVDB:5837
Type osvdb
Reporter Spybreak (spybreak@host.sk)
Modified 2002-02-27T00:00:00

Description

Vulnerability Description

A remote overflow exists in Xtell. The program fails to properly check the length of the AUTH string obtained from the AUTH service, resulting in a buffer overflow. With a specially crafted request, a remote attacker can execute arbitrary code, resulting in a loss of integrity.
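
As an added illustration (not Xtell's code and not part of the original entry), the C sketch below shows a length-checked parse of an AUTH reply before it is copied into a fixed-size buffer. It assumes the AUTH service is the RFC 1413 ident service; `ident_userid`, `skip_ws` and `USER_MAX` are hypothetical names, and the sample reply is constructed.

```c
#include <stdio.h>
#include <string.h>
#define USER_MAX 32 /* assumed size of the receiving buffer (constructed value) */

/* Skip spaces and tabs in [p, end). */
static const char *skip_ws(const char *p, const char *end)
{
    while (p < end && (*p == ' ' || *p == '\t'))
        p++;
    return p;
}

/* Copy the user-id of an ident reply "<port> , <port> : USERID : <opsys> : <user-id>"
 * into out[outsz]. Every byte of reply is chosen by the remote host.
 * Returns 0, or -1 if malformed, not USERID, empty, or too long for out. */
int ident_userid(const char *reply, size_t len, char *out, size_t outsz)
{
    const char *end, *c1, *c2, *c3, *p;
    size_t n;
    if (!reply || !out || outsz == 0)
        return -1;
    out[0] = '\0';
    /* Parse only the first line, and never past len bytes. */
    for (end = reply; end < reply + len && *end && *end != '\r' && *end != '\n'; end++)
        ;
    if (!(c1 = memchr(reply, ':', (size_t)(end - reply))) ||
        !(c2 = memchr(c1 + 1, ':', (size_t)(end - c1 - 1))) ||
        !(c3 = memchr(c2 + 1, ':', (size_t)(end - c2 - 1))))
        return -1;
    /* The response type between the first two colons must be USERID. */
    p = skip_ws(c1 + 1, c2);
    if (c2 - p < 6 || memcmp(p, "USERID", 6) != 0 || skip_ws(p + 6, c2) != c2)
        return -1;
    /* Leading blanks are dropped here (a simplification in this example). */
    p = skip_ws(c3 + 1, end);
    n = (size_t)(end - p);
    /* Length check before the copy: reject an oversized field, do not truncate. */
    if (n == 0 || n >= outsz)
        return -1;
    memcpy(out, p, n);
    out[n] = '\0';
    return 0;
}

int main(void)
{
    char user[USER_MAX];
    const char reply[] = "4224, 756 : USERID : UNIX : alice\r\n"; /* constructed */
    printf("%d %s\n", ident_userid(reply, sizeof reply - 1, user, sizeof user), user);
    return 0;
}
```

Rejecting an oversized field rather than truncating it keeps a remote host from shaping the stored identity through the cut-off point.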

Solution Description

Upgrade to version 2.7 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor URL: http://melkor.dnp.fmph.uniba.sk/~garabik/xtell.html
Vendor Specific Solution URL: http://melkor.dnp.fmph.uniba.sk/~garabik/xtell/old/
Vendor Specific Advisory URL
Security Tracker: 1003706
Related OSVDB ID: 5836
Related OSVDB ID: 5838
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2002-02/0333.html
ISS X-Force ID: 8312
CVE-2002-0332
Bugtraq ID: 4193