Fuzzball MUCK Message Parsing Interpreter Buffer Overflow Vulnerability
BID:21217
Info
Fuzzball MUCK Message Parsing Interpreter Buffer Overflow Vulnerability
| Bugtraq ID: | 21217 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 21 2006 12:00AM |
| Updated: | Nov 23 2006 09:45PM |
| Credit: | The vendor reported this vulnerability. |
| Vulnerable: |
Fuzzball Fuzzball MUCK 6.06 |
| Not Vulnerable: |
Fuzzball Fuzzball MUCK 6.07 |
Discussion
Fuzzball MUCK Message Parsing Interpreter Buffer Overflow Vulnerability
Fuzzball MUCK is prone to a buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.
Exploiting this issue allows attackers to execute arbitrary code in the context of the user running the affected application. Attackers may also cause Fuzzball MUCK to crash, denying service to legitimate users.
Versions prior to 6.07 are vulnerable.
Fuzzball MUCK is prone to a buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.
Exploiting this issue allows attackers to execute arbitrary code in the context of the user running the affected application. Attackers may also cause Fuzzball MUCK to crash, denying service to legitimate users.
Versions prior to 6.07 are vulnerable.
Exploit / POC
Fuzzball MUCK Message Parsing Interpreter Buffer Overflow Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Fuzzball MUCK Message Parsing Interpreter Buffer Overflow Vulnerability
Solution:
The vendor has released version 2.2fb6.07 to address this issue; please see the references for details.
Fuzzball Fuzzball MUCK 6.06
Solution:
The vendor has released version 2.2fb6.07 to address this issue; please see the references for details.
Fuzzball Fuzzball MUCK 6.06
-
Fuzzball fbmuck-6.07.tar.gz
http://downloads.sourceforge.net/fbmuck/fbmuck-6.07.tar.gz
References
Fuzzball MUCK Message Parsing Interpreter Buffer Overflow Vulnerability
References:
References:
- Fuzzball MUCK File Release Notes and Changelog (Fuzzball MUCK)
- Fuzzball MUCK Web Site (Fuzzball MUCK)