Michael Bacarella IDent2 Daemon Child_Service Remote Buffer Overflow Vulnerability
BID:10192
Info
Michael Bacarella IDent2 Daemon Child_Service Remote Buffer Overflow Vulnerability
| Bugtraq ID: | 10192 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2004-0408 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 16 2004 12:00AM |
| Updated: | Jul 12 2009 04:06AM |
| Credit: | Discovery of this vulnerability has been credited to Jack <[email protected]>. |
| Vulnerable: |
Michael Bacarella ident2 1.4 Michael Bacarella ident2 1.3 -1 Michael Bacarella ident2 1.3 Michael Bacarella ident2 0.0.999 c |
| Not Vulnerable: | |
Discussion
Michael Bacarella IDent2 Daemon Child_Service Remote Buffer Overflow Vulnerability
A remote buffer overflow vulnerability has been reported to affect the Michael Bacarella ident2 daemon. The issue is reported to present itself due to a lack of sufficient boundary checks performed on user-supplied data, before it is copied into a reserved buffer in process memory.
It is possible for a remote attacker to overrun the bounds of the affected buffer and corrupt a restricted region of adjacent memory. Because this data may potentially hold values that are crucial to controlling process execution flow, it may be possible for a remote attacker to exploit this issue to have arbitrary instructions executed.
A remote buffer overflow vulnerability has been reported to affect the Michael Bacarella ident2 daemon. The issue is reported to present itself due to a lack of sufficient boundary checks performed on user-supplied data, before it is copied into a reserved buffer in process memory.
It is possible for a remote attacker to overrun the bounds of the affected buffer and corrupt a restricted region of adjacent memory. Because this data may potentially hold values that are crucial to controlling process execution flow, it may be possible for a remote attacker to exploit this issue to have arbitrary instructions executed.
Exploit / POC
Michael Bacarella IDent2 Daemon Child_Service Remote Buffer Overflow Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution / Fix
Michael Bacarella IDent2 Daemon Child_Service Remote Buffer Overflow Vulnerability
Solution:
Debian has released an advisory (DSA 494-1) and fixes to address this issue. Further details regarding obtaining and applying appropriate fixes can be found in the referenced advisory.
Michael Bacarella ident2 1.3
Solution:
Debian has released an advisory (DSA 494-1) and fixes to address this issue. Further details regarding obtaining and applying appropriate fixes can be found in the referenced advisory.
Michael Bacarella ident2 1.3
-
Debian ident2_1.03-3woody1_alpha.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/i/ident2/ident2_1.03-3woo dy1_alpha.deb -
Debian ident2_1.03-3woody1_arm.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/i/ident2/ident2_1.03-3woo dy1_arm.deb -
Debian ident2_1.03-3woody1_hppa.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/i/ident2/ident2_1.03-3woo dy1_hppa.deb -
Debian ident2_1.03-3woody1_i386.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/i/ident2/ident2_1.03-3woo dy1_i386.deb -
Debian ident2_1.03-3woody1_ia64.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/i/ident2/ident2_1.03-3woo dy1_ia64.deb -
Debian ident2_1.03-3woody1_m68k.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/i/ident2/ident2_1.03-3woo dy1_m68k.deb -
Debian ident2_1.03-3woody1_mips.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/i/ident2/ident2_1.03-3woo dy1_mips.deb -
Debian ident2_1.03-3woody1_mipsel.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/i/ident2/ident2_1.03-3woo dy1_mipsel.deb -
Debian ident2_1.03-3woody1_powerpc.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/i/ident2/ident2_1.03-3woo dy1_powerpc.deb -
Debian ident2_1.03-3woody1_s390.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/i/ident2/ident2_1.03-3woo dy1_s390.deb -
Debian ident2_1.03-3woody1_sparc.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/i/ident2/ident2_1.03-3woo dy1_sparc.deb
References
Michael Bacarella IDent2 Daemon Child_Service Remote Buffer Overflow Vulnerability
References:
References:
- Ident2 Homepage (Michael Bacarella)