Blacklist Daemon BLD select() Bit-Array Remote Buffer Overflow Vulnerability

Bugtraq ID:	12347
Class:	Boundary Condition Error
CVE:
Remote:	Yes
Local:	No
Published:	Jan 24 2005 12:00AM
Updated:	Jan 24 2005 12:00AM
Credit:	Discovery of this vulnerability is credited to 3APA3A <[email protected]>.
Vulnerable:	bld bld 0.3.1 bld bld 0.3 bld bld 0.2.4 bld bld 0.2.3 bld bld 0.2.2 bld bld 0.2.1
Not Vulnerable:	bld bld 0.3.2

Blacklist Daemon BLD select() Bit-Array Remote Buffer Overflow Vulnerability

Blacklist Daemon BLD is prone to a remote buffer overflow due to implementation of the 'select()' system call. This issue could be exploited to cause a denial of service or potentially execute arbitrary code.

This vulnerability affects bld 0.3.1 and prior versions.

Blacklist Daemon BLD select() Bit-Array Remote Buffer Overflow Vulnerability

The researcher responsible for discovering this issue has developed exploit code to leverage this issue. The exploit code has not been released to the public.

Blacklist Daemon BLD select() Bit-Array Remote Buffer Overflow Vulnerability

Solution:
The vendor has released bld 0.3.2 to address this issue.


bld bld 0.2.1

• bld bld-0.3.2.tar.gz
  http://www.online.redhate.org/bld/bld-0.3.2.tar.gz

bld bld 0.2.2

• bld bld-0.3.2.tar.gz
  http://www.online.redhate.org/bld/bld-0.3.2.tar.gz

bld bld 0.2.3

• bld bld-0.3.2.tar.gz
  http://www.online.redhate.org/bld/bld-0.3.2.tar.gz

bld bld 0.2.4

• bld bld-0.3.2.tar.gz
  http://www.online.redhate.org/bld/bld-0.3.2.tar.gz

bld bld 0.3

• bld bld-0.3.2.tar.gz
  http://www.online.redhate.org/bld/bld-0.3.2.tar.gz

bld bld 0.3.1

• bld bld-0.3.2.tar.gz
  http://www.online.redhate.org/bld/bld-0.3.2.tar.gz

Blacklist Daemon BLD select() Bit-Array Remote Buffer Overflow Vulnerability

References:

• BLD: blacklist daemon Homepage (BLD)
  
• SECURITY.NNOV: Multiple applications fd_set structure bitmap array index overflo (3APA3A <[email protected]>)