Mtp-Target Server Memory Corruption Vulnerability
BID:13463
Info
Mtp-Target Server Memory Corruption Vulnerability
| Bugtraq ID: | 13463 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: |
CVE-2005-1402 |
| Remote: | Yes |
| Local: | No |
| Published: | May 02 2005 12:00AM |
| Updated: | Jul 12 2009 02:06PM |
| Credit: | Luigi Auriemma <[email protected]> is credited with the discovery of this issue. |
| Vulnerable: |
Mtp-Target Mtp-Target 1.2.2 |
| Not Vulnerable: | |
Discussion
Mtp-Target Server Memory Corruption Vulnerability
The Mtp-Target server is prone to a memory corruption vulnerability. The issue exists because a comparison fails to ensure that an integer value parameter retrieved from a client is signed. A check is made to ensure that the user-supplied value is less than 1000000 bytes. If the value passed is FFFFFFFFh, it is interpreted as a signed -1 and the check passes. The value is later used as an unsigned integer in a memory allocation operation. An allocation of 4.29 GB of data is attempted and the service crashes.
Immediate consequences of exploitation of this vulnerability are a denial of service.
The Mtp-Target server is prone to a memory corruption vulnerability. The issue exists because a comparison fails to ensure that an integer value parameter retrieved from a client is signed. A check is made to ensure that the user-supplied value is less than 1000000 bytes. If the value passed is FFFFFFFFh, it is interpreted as a signed -1 and the check passes. The value is later used as an unsigned integer in a memory allocation operation. An allocation of 4.29 GB of data is attempted and the service crashes.
Immediate consequences of exploitation of this vulnerability are a denial of service.
Exploit / POC
Mtp-Target Server Memory Corruption Vulnerability
The following exploit has been made available:
The following exploit has been made available:
Solution / Fix
Mtp-Target Server Memory Corruption Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
Mtp-Target Server Memory Corruption Vulnerability
References:
References:
- Mtp-Target (Luigi Auriemma)
- MTP-Target Homepage (MTP-Target)