Netris Client Server Response Buffer Overflow

2003-08-12T00:00:00
ID OSVDB:6685
Type osvdb
Reporter Shaun Moore (shaunige@yahoo.co.uk)
Modified 2003-08-12T00:00:00

Description

Vulnerability Description

A remote overflow exists in the Netris client. The product fails to check buffer boundaries when connecting to a Netris server, resulting in a buffer overflow. With a specially crafted response, a malicious server can trigger the overflow, resulting in a loss of integrity and/or availability.

Solution Description

Upgrade to version 0.52 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor URL: http://www.netris.org/
Vendor Specific Advisory URL
Secunia Advisory ID: 9519
Other Advisory URL: http://www.debian.org/security/2003/dsa-372
Mail List Post: http://marc.theaimsgroup.com/?l=bugtraq&m=106071059430211&w=2
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2003-08/0127.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2003-08/0149.html
ISS X-Force ID: 12912
CVE-2003-0685
Bugtraq ID: 8400