AlternC Multiple Input Validation Vulnerabilities

Bugtraq ID:	21355
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Nov 29 2006 12:00AM
Updated:	Nov 30 2006 04:59AM
Credit:	Vincent A.Menard is credited with the discovery of these vulnerabilities.
Vulnerable:	AlternC AlternC 0.9.5
Not Vulnerable:	AlternC AlternC 0.9.6

AlternC Multiple Input Validation Vulnerabilities

AlternC is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data.

Exploiting these issues could allow an attacker to access or modify sensitive data, create arbitrary files and directories, execute arbitrary JavaScript code in the context of the application, compromise the application, and possibly exploit latent vulnerabilities in the underlying system; other attacks are also possible.

AlternC version 0.9.5 is vulnerable; earlier versions may also be affected.

AlternC Multiple Input Validation Vulnerabilities

An attacker can exploit these issues via a web client.

AlternC Multiple Input Validation Vulnerabilities

Solution:
The vendor has released version 0.9.6 to address these issue; please see the references for details.


AlternC AlternC 0.9.5

• AlternC AlternC version 0.9.6
  https://dev.alternc.org/trac/alternc/milestone/0.9.6

AlternC Multiple Input Validation Vulnerabilities

References:

• Alternc Web Site (Alternc)
  
• Multiple Vulnerabilities in AlternC version 0.9.5 (Vincent A.Menard )