XTACACS Unspecified Buffer Overflow Vulnerability
BID:21107
Info
XTACACS Unspecified Buffer Overflow Vulnerability
| Bugtraq ID: | 21107 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 15 2006 12:00AM |
| Updated: | Nov 20 2006 04:15PM |
| Credit: | GLEG Ltd is credited with discovering this vulnerability. |
| Vulnerable: |
Netplex Technologies Inc. XTACACS 4.1.2 |
| Not Vulnerable: | |
Discussion
XTACACS Unspecified Buffer Overflow Vulnerability
XTACACS is prone to an unspecified remote buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.
An attacker may exploit this issue to execute arbitrary machine code in the context of the user running the application. Failed exploit attempts will likely result in denial-of-service conditions.
Version 4.12 is reported vulnerable; other versions may also be affected.
XTACACS is prone to an unspecified remote buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.
An attacker may exploit this issue to execute arbitrary machine code in the context of the user running the application. Failed exploit attempts will likely result in denial-of-service conditions.
Version 4.12 is reported vulnerable; other versions may also be affected.
Exploit / POC
XTACACS Unspecified Buffer Overflow Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]
Solution / Fix
XTACACS Unspecified Buffer Overflow Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].
References
XTACACS Unspecified Buffer Overflow Vulnerability
References:
References:
- Vendor Homepage (Netplex Technologies Inc.)