NetCat Exec Mode Client Request Buffer Overflow Vulnerability
BID:12106
Info
NetCat Exec Mode Client Request Buffer Overflow Vulnerability
| Bugtraq ID: | 12106 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 27 2004 12:00AM |
| Updated: | Dec 27 2004 12:00AM |
| Credit: | Discovery is credited to class 101. |
| Vulnerable: |
NetCat NetCat 1.1 |
| Not Vulnerable: |
NetCat NetCat 1.11 |
Discussion
NetCat Exec Mode Client Request Buffer Overflow Vulnerability
NetCat is prone to a remotely exploitable buffer overflow. This issue is exposed when the program handles a client request when listening in exec mode, which is specified by the '-e' command line option.
Successful exploitation will allow execution of arbitrary code in the context of the program.
It is noted that this issue affects the Windows port, and is not known or confirmed to affect the UNIX-based netcat utility.
NetCat is prone to a remotely exploitable buffer overflow. This issue is exposed when the program handles a client request when listening in exec mode, which is specified by the '-e' command line option.
Successful exploitation will allow execution of arbitrary code in the context of the program.
It is noted that this issue affects the Windows port, and is not known or confirmed to affect the UNIX-based netcat utility.
Exploit / POC
NetCat Exec Mode Client Request Buffer Overflow Vulnerability
The following exploit has been provided:
The following exploit has been provided:
Solution / Fix
NetCat Exec Mode Client Request Buffer Overflow Vulnerability
Solution:
This issue has been addressed in NetCat 1.11.
NetCat NetCat 1.1
Solution:
This issue has been addressed in NetCat 1.11.
NetCat NetCat 1.1
-
NetCat NetCat 1.11
http://www.vulnwatch.org/netcat/nc111nt.zip
References
NetCat Exec Mode Client Request Buffer Overflow Vulnerability
References:
References:
- NetCat Product Page (NetCat)