Omni-NFS Server NFSD.EXE Stack Buffer Overflow Vulnerability
BID:20941
Info
Omni-NFS Server NFSD.EXE Stack Buffer Overflow Vulnerability
| Bugtraq ID: | 20941 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 06 2006 12:00AM |
| Updated: | Nov 08 2006 05:46PM |
| Credit: | Evgeny Legerov is credited with the discovery of this vulnerability. |
| Vulnerable: |
Xlink Technologies Omni-NFS Server 5.2 |
| Not Vulnerable: | |
Discussion
Omni-NFS Server NFSD.EXE Stack Buffer Overflow Vulnerability
Omni-NFS Server is prone to a stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied network data before copying it into an insufficiently sized memory buffer.
Exploiting this issue allows attackers to execute arbitrary machine code in the context of users running the affected application. Failed attempts will likely crash the application, resulting in denial-of-service conditions.
Omni-NFS Server version 5.2 is vulnerable.
Omni-NFS Server is prone to a stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied network data before copying it into an insufficiently sized memory buffer.
Exploiting this issue allows attackers to execute arbitrary machine code in the context of users running the affected application. Failed attempts will likely crash the application, resulting in denial-of-service conditions.
Omni-NFS Server version 5.2 is vulnerable.
Exploit / POC
Omni-NFS Server NFSD.EXE Stack Buffer Overflow Vulnerability
Attackers can use standard network tools to exploit this issue.
A sample exploit written for the Metasploit Framework has been provided:
Attackers can use standard network tools to exploit this issue.
A sample exploit written for the Metasploit Framework has been provided:
Solution / Fix
Omni-NFS Server NFSD.EXE Stack Buffer Overflow Vulnerability
Solution:
Currently we are not aware of any solutions for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].
Solution:
Currently we are not aware of any solutions for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].
References
Omni-NFS Server NFSD.EXE Stack Buffer Overflow Vulnerability
References:
References:
- Omni-NFS Server Web Site (Omni-NFS)