NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Secunia Advisories> 2003-q3

[sec-adv] ezbounce "sessions" Command Format String Vulnerability

From: Secunia Security Advisories (sec-advsecunia.com)
Date: Fri Jul 04 2003 - 08:25:34 CDT

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

TITLE:
ezbounce "sessions" Command Format String Vulnerability

READ ONLINE:
http://www.secunia.com/advisories/9182/

CRITICAL:
Moderately critical

IMPACT:
Security Bypass, DoS, System access

WHERE:
From remote

SOFTWARE:
ezbounce 1.x

DESCRIPTION:
A vulnerability has been reported in ezbounce, which can be exploited
by malicious people to compromise a vulnerable system.

The vulnerability is caused due to a format string error in the
"sessions" command. This can be exploited by supplying a specially
crafted string containing format specifiers to the "NICK" command,
which may allow execution of arbitrary code on the system with the
privileges of ezbounce.

Successful exploitation requires knowledge of a valid username and
password combination. Furthermore, the detach command must the
enabled for the user.

An exploit is in the wild.

Reportedly, it is also possible to execute arbitrary commands without
being logged in on the beta versions. However, execution of most
commands will result in a crash.

SOLUTION:
Apply patches.

ezbounce 1.0x series (all versions):
http://druglord.freelsd.org/ezbounce/ezb-1.04a-crash-fix-patch

ezbounce 1.50-pre series (all versions):
http://druglord.freelsd.org/ezbounce/ezb-1.50-crash-fix-patch

REPORTED BY / CREDITS:
Vade79

ORIGINAL ADVISORY:
http://druglord.freelsd.org/ezbounce/

----------------------------------------------------------------------

Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

Contact details:
Web : http://www.secunia.com/
E-mail : supportsecunia.com
Tel : +44 (0) 20 7016 2693
Fax : +44 (0) 20 7637 0419

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories

----------------------------------------------------------------------

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]