[sec-adv] Roger Wilco Client Data Buffer Overflow Vulnerability
From: Secunia Security Advisories (sec-adv secunia.com)
Date: Wed Sep 10 2003 - 07:27:45 CDT
TITLE:
Roger Wilco Client Data Buffer Overflow Vulnerability
SECUNIA ADVISORY ID:
SA9693
VERIFY ADVISORY:
http://www.secunia.com/advisories/9693/
CRITICAL:
Highly critical
IMPACT:
DoS, System access
WHERE:
From remote
SOFTWARE:
Roger Wilco 1.x
DESCRIPTION:
A vulnerability has been reported in Roger Wilco, which potentially
can be exploited by malicious people to compromise a vulnerable
system.
The vulnerability is caused by a boundary error when handling
data received from clients. Roger Wilco trusts the data length
specified in a packet and does not validate it. This can be
exploited to cause the program to allocate an insufficiently
sized buffer, which may result in a buffer overflow.
Successful exploitation may potentially allow execution of arbitrary
code on the system and doesn't require prior authentication.
The vulnerability has been reported in the following versions:
* Graphical server version 1.4.1.6 and prior.
* Dedicated server for win32 version 0.30a and prior.
* Dedicated server for linux/bsd version 0.27 and prior.
SOLUTION:
Use another product.
REPORTED BY / CREDITS:
Luigi Auriemma
ORIGINAL ADVISORY:
http://aluigi.altervista.org/adv/wilco-recvbof-adv.txt
----------------------------------------------------------------------
Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
Contact details:
Web : http://www.secunia.com/
E-mail : support secunia.com
Tel : +45 7020 5144
Fax : +45 7020 5145
----------------------------------------------------------------------
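
The length-validation failure described under DESCRIPTION above, shown from the fix side as an added example (not part of the Secunia advisory and not Roger Wilco code). The 2-byte length header, `MAX_PAYLOAD` and `parse_packet` are assumptions made for illustration; the advisory does not publish the real packet format.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical wire format (not Roger Wilco's real protocol):
 *   bytes 0-1  payload length, big-endian
 *   bytes 2..  payload
 */
#define HDR_LEN      2u
#define MAX_PAYLOAD  1024u   /* assumed application limit */

enum { PKT_OK = 0, PKT_TRUNCATED = -1, PKT_TOO_BIG = -2,
       PKT_LEN_MISMATCH = -3, PKT_NOMEM = -4 };

/* Copies the payload of one datagram into a freshly allocated buffer.
 * `received` is the byte count reported by the socket layer, the only
 * length the receiver can trust. */
int parse_packet(const uint8_t *pkt, size_t received,
                 uint8_t **out, size_t *out_len)
{
    *out = NULL;
    *out_len = 0;
    if (received < HDR_LEN)
        return PKT_TRUNCATED;

    size_t declared = ((size_t)pkt[0] << 8) | pkt[1];
    size_t actual = received - HDR_LEN;

    if (declared > MAX_PAYLOAD)
        return PKT_TOO_BIG;
    /* The flawed pattern sizes the buffer from one of these lengths
     * and copies using the other. Reject any disagreement. */
    if (declared != actual)
        return PKT_LEN_MISMATCH;

    uint8_t *buf = malloc(declared ? declared : 1);
    if (buf == NULL)
        return PKT_NOMEM;
    memcpy(buf, pkt + HDR_LEN, declared);
    *out = buf;
    *out_len = declared;
    return PKT_OK;
}
```

The caller owns the returned buffer and must `free` it; on any error `*out` is left `NULL`.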