RUMBA Profile Handling Multiple Buffer Overflow Vulnerabilities
BID:12965
Info
| Bugtraq ID: | 12965 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2005-0979 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 01 2005 12:00AM |
| Updated: | Jul 12 2009 11:56AM |
| Credit: | Discovery of this vulnerability is credited to Bahaa Naamneh. |
| Vulnerable: | NetManage RUMBA 7.4, NetManage RUMBA 7.3 |
| Not Vulnerable: | |
Discussion
RUMBA is reported prone to multiple buffer overflow vulnerabilities. These issues are reported to manifest when RTO and WPA profiles are loaded by the software.
Ultimately, it is conjectured that this issue may be exploited by a remote attacker to execute arbitrary attacker-supplied code in the context of the vulnerable software.
RUMBA version 7.3 is reported prone to this issue; previous versions are also reported to be affected.
Exploit / POC
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
The following proof of concepts are available:
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
References
References:
- Rumba FTP Client Homepage (NetManage)
- Buffer Overflow within the RUMBA product (Bahaa Naamneh)
- NetManage RUMBA 7.4 Profile Handling Multiple Buffer Overflow Vulnerabilities (Bahaa Naamneh)