LCDproc LCDd Multiple Remote Vulnerabilities
BID:10085
Info
LCDproc LCDd Multiple Remote Vulnerabilities
| Bugtraq ID: | 10085 |
| Class: | Unknown |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 08 2004 12:00AM |
| Updated: | Apr 08 2004 12:00AM |
| Credit: | Discovery of these vulnerabilities has been credited to Priv8 Security Research <[email protected]>. |
| Vulnerable: |
LCDProc LCDProc 4.4 LCDProc LCDProc 4.3 LCDProc LCDProc 4.2 LCDProc LCDProc 4.1 LCDProc LCDProc 4.0 LCDProc LCDProc 0.4.1 -r1 LCDProc LCDProc 0.4 LCDProc LCDProc 0.3 |
| Not Vulnerable: | |
Discussion
LCDproc LCDd Multiple Remote Vulnerabilities
LCDproc Server (LCDd) has been reported to be prone to multiple remote vulnerabilities.
The first issue is reported to exist in the parse_all_client_messages() function of parse.c, and is due to a lack of sufficient boundary checks performed on user-supplied arguments. A remote attacker may exploit this vulnerability to execute arbitrary instructions in the context of the vulnerable service.
The second issue exists in the test_func_func() function of client_functions.c. Due to a lack of sufficient boundary checks an attacker may pass data to the function in a manner that is sufficient to trigger a buffer overflow. An attacker may leverage this condition to execute code in the context of the affected service.
Finally due the an erroneous implementation of a formatted print function contained in the test_func_func() function of client_functions.c.A remote attacker may supply format specifier characters. An attacker may leverage this condition to execute code in the context of the affected service.
LCDproc Server (LCDd) has been reported to be prone to multiple remote vulnerabilities.
The first issue is reported to exist in the parse_all_client_messages() function of parse.c, and is due to a lack of sufficient boundary checks performed on user-supplied arguments. A remote attacker may exploit this vulnerability to execute arbitrary instructions in the context of the vulnerable service.
The second issue exists in the test_func_func() function of client_functions.c. Due to a lack of sufficient boundary checks an attacker may pass data to the function in a manner that is sufficient to trigger a buffer overflow. An attacker may leverage this condition to execute code in the context of the affected service.
Finally due the an erroneous implementation of a formatted print function contained in the test_func_func() function of client_functions.c.A remote attacker may supply format specifier characters. An attacker may leverage this condition to execute code in the context of the affected service.
Exploit / POC
LCDproc LCDd Multiple Remote Vulnerabilities
The following proof of concept exploit has been supplied:
The following proof of concept exploit has been supplied:
Solution / Fix
LCDproc LCDd Multiple Remote Vulnerabilities
Solution:
NOTE: It has been reported that the previously referenced fix was insufficient to resolve this issue.
Gentoo has released updates to address this issue. These updates may be applied with the following commands:
# emerge sync
# emerge -pv ">=app-misc/lcdproc-0.4.5"
# emerge ">=app-misc/lcdproc-0.4.5"
The vendor has released an upgraded version of the software which is reported to deal with this issue completely:
LCDProc LCDProc 4.4
Solution:
NOTE: It has been reported that the previously referenced fix was insufficient to resolve this issue.
Gentoo has released updates to address this issue. These updates may be applied with the following commands:
# emerge sync
# emerge -pv ">=app-misc/lcdproc-0.4.5"
# emerge ">=app-misc/lcdproc-0.4.5"
The vendor has released an upgraded version of the software which is reported to deal with this issue completely:
LCDProc LCDProc 4.4
-
LCDProc lcdproc-0.4.5.tar.gz
http://lcdproc.omnipotent.net/download/lcdproc-0.4.5.tar.gz
References
LCDproc LCDd Multiple Remote Vulnerabilities
References:
References:
- LCDProc (LCDProc)
- PSR - #2004-001 Remote - LCDProc (Priv8 Security Research
) - PSR - #2004-002 Remote - LCDProc (Priv8 Security Research
) - UPDATE: LCDproc Buffer Overflow and Format String Vulnerabilities (Rene Wagner
)