TPTEST: Arbitrary code execution

Background TPTEST is a tool to measure the speed of a user’s Internet connection. Description The GetStatsFromLine function in TPTEST is vulnerable to buffer overflows from STATS lines with long email and pwd fields. Impact A remote attacker could send a specially-crafted STATS line, possibly...

CVE-2009-0659

Stack-based buffer overflow in the GetStatsFromLine function in TPTEST 3.1.7 allows remote attackers to have an unknown impact via a STATS line with a long email field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

CVE-2009-0659

Stack-based buffer overflow in the GetStatsFromLine function in TPTEST 3.1.7 allows remote attackers to have an unknown impact via a STATS line with a long email field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

CVE-2009-0659

CVE-2009-0659 affects TPTEST 3.1.7 and is described in connected sources as a stack-based buffer overflow in GetStatsFromLine that can be triggered by STATS lines with long email fields, potentially enabling remote exploitation with unknown impact. Gentoo GLSA 201310-16 specifies that the issue i...

TPTEST GetStatsFromLine()函数远程栈溢出漏洞

BUGTRAQ ID: 33785 TPTEST是用于测试Internet连接速度的工具。 TPTEST的engine/tpcommon.c或src/net/tpcommon.cpp文件的GetStatsFromLine函数在处理STATS命令时存在栈溢出漏洞。如果远程攻击者向服务器发送了带有超长email或pwd标签字段的STATS行的话，就可以触发这个溢出，导致执行任意代码。 TPTEST 3.1.7 厂商补丁： TPTEST ------ 目前厂商还没有提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版本：...