APSIS Pound Remote Buffer Overflow Vulnerability
BID:13436
Info
| Bugtraq ID: | 13436 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2005-1391 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 29 2005 12:00AM |
| Updated: | Jul 12 2009 02:06PM |
| Credit: | Discovery credited to Steven Van Acker. |
| Vulnerable: | S.u.S.E. Linux Personal 9.3 x86_64; S.u.S.E. Linux Personal 9.3; S.u.S.E. Linux Personal 9.2 x86_64; S.u.S.E. Linux Personal 9.2; APSIS Pound 1.8.2 |
| Not Vulnerable: | APSIS Pound 1.8.3 |
Discussion
APSIS Pound is prone to a remote buffer overflow vulnerability due to insufficient bounds checking on supplied input. Successful exploitation could result in a denial of service or potential arbitrary code execution.
This issue was reported to affect Pound 1.8.2; however, earlier versions may also be vulnerable.
Exploit / POC
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
SUSE Linux has released advisory SUSE-SR:2005:015 to address this and other issues. Please see the referenced advisory for more information.
Gentoo has released advisory GLSA 200504-29 to address this issue. Gentoo updates may be applied by running the following commands as the superuser:
emerge --sync
emerge --ask --oneshot --verbose ">=www-servers/pound-1.8.3"
The vendor has addressed this issue in Pound 1.8.3:
APSIS Pound 1.8.2
- APSIS Pound-1.8.3.tgz: http://www.apsis.ch/pound/Pound-1.8.3.tgz
References
References:
- Pound Homepage (APSIS)
- remote buffer overflow in pound 1.8.2 + question abotu Host header (Steven Van Acker)