Tetrix TetriNet Long DNS Hostname Remote Overflow

1999-02-17T13:03:45
ID OSVDB:9833
Type osvdb
Reporter Steven Hodges(nsn@raw.veloweb.com)
Modified 1999-02-17T13:03:45

Description

Vulnerability Description

A remote overflow exists in Tetrix TetriNet. The daemon fails to perform proper bounds checking resulting in a buffer overflow. By connecting to port 31457 with a hostname containing 122 characters or more, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

A remote overflow exists in Tetrix TetriNet. The daemon fails to perform proper bounds checking resulting in a buffer overflow. By connecting to port 31457 with a hostname containing 122 characters or more, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.

References:

Vendor URL: http://www.mathjmendl.org/tetrinet.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/1999_1/0812.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/1999_1/0758.html ISS X-Force ID: 7500 CVE-1999-1060 Bugtraq ID: 340