Canna Remote Buffer Overflow Vulnerability
BID:1445
Info
Canna Remote Buffer Overflow Vulnerability
| Bugtraq ID: | 1445 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 02 2000 12:00AM |
| Updated: | Jul 02 2000 12:00AM |
| Credit: | This vulnerability was first disclosed in an advisory by Shadow Penguin Security on June 29, 2000. It was subsequently disclosed via a number of vendor advisories. |
| Vulnerable: |
Canna Canna 3.5 b2 |
| Not Vulnerable: | |
Discussion
Canna Remote Buffer Overflow Vulnerability
A vulnerability exists in the 'canna' package, as distributed with a number of free operating systems, and available for other systems. Version 3.5b2 is vulnerable. It is assumed versions prior to this are also vulnerable. By supplying an overly large username or groupname with the IR_INIT command, it is possible to trigger a remote buffer overflow condition.
Successful exploitation will enable a remote attacker to execute arbitrary code as the user the canna server is running as.
This vulnerability affects any system with 3.5b2 installed. FreeBSD has canna as part of its ports collection. FreeBSD itself does not install canna; as such, this vulnerability does not affect stock distributions of FreeBSD.
A vulnerability exists in the 'canna' package, as distributed with a number of free operating systems, and available for other systems. Version 3.5b2 is vulnerable. It is assumed versions prior to this are also vulnerable. By supplying an overly large username or groupname with the IR_INIT command, it is possible to trigger a remote buffer overflow condition.
Successful exploitation will enable a remote attacker to execute arbitrary code as the user the canna server is running as.
This vulnerability affects any system with 3.5b2 installed. FreeBSD has canna as part of its ports collection. FreeBSD itself does not install canna; as such, this vulnerability does not affect stock distributions of FreeBSD.
Exploit / POC
Canna Remote Buffer Overflow Vulnerability
The following exploit was provided by UNYUN <[email protected]>:
The following exploit was provided by UNYUN <[email protected]>:
Solution / Fix
Canna Remote Buffer Overflow Vulnerability
Solution:
Information with regards to how to obtain fixes for Debian was published in the attached advisory (Debian-00-012: New version of canna released). The fix links provided in the advisory are no longer available.
FreeBSD has released a Security Notice FreeBSD-SN-02:05. Users of FreeBSD
systems are strongly urged to upgrade their ports tree to fix various
reported issues. Further information can be found in the referenced
Security Notice. This advisory supercedes the previous advisory (FreeBSD-SA-00:31).
Solution:
Information with regards to how to obtain fixes for Debian was published in the attached advisory (Debian-00-012: New version of canna released). The fix links provided in the advisory are no longer available.
FreeBSD has released a Security Notice FreeBSD-SN-02:05. Users of FreeBSD
systems are strongly urged to upgrade their ports tree to fix various
reported issues. Further information can be found in the referenced
Security Notice. This advisory supercedes the previous advisory (FreeBSD-SA-00:31).
References
Canna Remote Buffer Overflow Vulnerability
References:
References: