Massimiliano Montoro Cain & Abel PSK Sniffer Remote Heap Buffer Overflow Vulnerability
BID:12840
Info
| Bugtraq ID: | 12840 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2005-0807 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 18 2005 12:00AM |
| Updated: | Jul 12 2009 10:56AM |
| Credit: | Discovery of this vulnerability is credited to "Gary O'leary-Steele". |
| Vulnerable: | Massimiliano Montoro Cain & Abel 2.65 |
| Not Vulnerable: | Massimiliano Montoro Cain & Abel 2.66 |
Discussion
Massimiliano Montoro Cain & Abel is reported prone to a heap-based buffer overflow vulnerability. The issue is reported to exist due to a lack of sufficient boundary checks performed when processing certain IKE packet parameter data.
It is reported that a remote attacker may leverage this vulnerability to execute arbitrary code in the context of a victim user that is running the vulnerable application.
Cain & Abel version 2.65 is reported prone to this vulnerability.
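The advisory does not say which IKE parameter is mishandled, so the following added example (not code from the advisory or the vendor) shows the general class of boundary check a sniffer needs before copying an ISAKMP payload into a fixed-size buffer. The header offsets follow RFC 2408; the function names, the `MAX_STORED` capacity and the choice of the Identification payload are assumptions made for the demonstration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define ISAKMP_HDR_LEN  28  /* RFC 2408 fixed header; total length at offset 24 */
#define GENERIC_HDR_LEN 4   /* next payload, reserved, 16-bit payload length */
#define ISAKMP_ID       5   /* Identification payload, chosen only for the demo */
#define MAX_STORED      64  /* hypothetical capacity of the destination buffer */

static uint32_t be(const uint8_t *p, int n)   /* big-endian read of n bytes */
{
    uint32_t v = 0;
    while (n--) v = (v << 8) | *p++;
    return v;
}

/* Copy first payload of type `want` into out[cap]; returns body length or -1. */
int ike_copy_payload(const uint8_t *pkt, size_t len, uint8_t want,
                     uint8_t *out, size_t cap)
{
    if (len < ISAKMP_HDR_LEN) return -1;
    size_t total = be(pkt + 24, 4);
    if (total < ISAKMP_HDR_LEN || total > len) return -1;  /* header vs. capture */
    uint8_t type = pkt[16];                  /* first "next payload" field */
    for (size_t off = ISAKMP_HDR_LEN; type != 0; ) {
        if (total - off < GENERIC_HDR_LEN) return -1;
        size_t plen = be(pkt + off + 2, 2);
        if (plen < GENERIC_HDR_LEN || plen > total - off) return -1;
        if (type == want) {
            size_t body = plen - GENERIC_HDR_LEN;
            if (body > cap) return -1;  /* the bound whose absence overflows the buffer */
            memcpy(out, pkt + off + GENERIC_HDR_LEN, body);
            return (int)body;
        }
        type = pkt[off];                     /* follow the payload chain */
        off += plen;
    }
    return -1;
}

/* Constructed sample: one ID payload with `body` bytes and a `declared` length field. */
int check_sample(size_t body, uint16_t declared)
{
    uint8_t pkt[512] = {0}, out[MAX_STORED];
    if (body > sizeof pkt - ISAKMP_HDR_LEN - GENERIC_HDR_LEN) return -1;
    size_t total = ISAKMP_HDR_LEN + GENERIC_HDR_LEN + body;
    pkt[16] = ISAKMP_ID;
    pkt[26] = (uint8_t)(total >> 8);     pkt[27] = (uint8_t)total;
    pkt[30] = (uint8_t)(declared >> 8);  pkt[31] = (uint8_t)declared;
    return ike_copy_payload(pkt, total, ISAKMP_ID, out, sizeof out);
}
```

Three independent checks are needed: the declared packet length against the captured bytes, each payload length against the bytes remaining, and the payload body against the destination capacity.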
Exploit / POC
It is reported that the discoverer of this vulnerability has written an exploit for it; the exploit corrupts the 'RtlEnterCriticalSection()' pointer. It is not believed that this exploit is publicly available.
Solution / Fix
Solution:
The vendor has released an update to address this issue:
Massimiliano Montoro Cain & Abel 2.65
- Massimiliano Montoro Cain & Abel v2.66 for Windows NT/2000/XP
  http://www.oxid.it/downloads/ca_setup.exe
References
References:
- Cain & Abel Homepage (Oxid.it)
- Cain & Abel PSK Sniffer Heap overflow ("Gary O'leary-Steele")