Genecys Remote Buffer Overflow and Denial Of Service Vulnerabilities

Bugtraq ID:	17969
Class:	Unknown
CVE:
Remote:	Yes
Local:	No
Published:	May 13 2006 12:00AM
Updated:	May 16 2006 08:09PM
Credit:	Luigi Auriemma is credited with the discovery of these vulnerabilities.
Vulnerable:	Genecys Genecys 0.2
Not Vulnerable:

Genecys Remote Buffer Overflow and Denial Of Service Vulnerabilities

Genecys is susceptible to multiple remote vulnerabilities.

A buffer-overflow vulnerability and denial-of-service vulnerability affect Genecys and potentially allow remote attackers to execute arbitrary machine code and to crash the affected application.

Version 0.2 and prior, as well as the CVS version, are vulnerable to these issues; other versions may also be affected.

Genecys Remote Buffer Overflow and Denial Of Service Vulnerabilities

Luigi Auriemma has crafted an exploit; please see the reference section for further details.mailto:[email protected]

Genecys Remote Buffer Overflow and Denial Of Service Vulnerabilities

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]

Genecys Remote Buffer Overflow and Denial Of Service Vulnerabilities

References:

• Exploit code for genecys (zip file) (Luigi Auriemma)
  
• Genecys Web Site (Genecys)
  
• Buffer-overflow and NULL pointer crash in Genecys 0.2 (Luigi Auriemma )