ITalk Plus Multiple Remote Pre-Authentication Buffer Overflow Vulnerabilities
BID:21598
Info
| Bugtraq ID: | 21598 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 14 2006 12:00AM |
| Updated: | Dec 14 2006 12:00AM |
| Credit: | Yutaka OIWA of the Italk project discovered these issues. |
| Vulnerable: | Italk Italk Plus 0.92; Italk Italk Plus 0.91 |
| Not Vulnerable: | Italk Italk Plus 0.92.1 |
Discussion
Italk Plus is prone to multiple remote buffer-overflow vulnerabilities because the application fails to properly bounds-check user-supplied input before copying it to insufficiently sized memory buffers.
Exploiting these issues allows remote, unauthenticated attackers to execute arbitrary machine code in the context of affected servers. This may facilitate the compromise of affected computers.
Versions of Italk Plus prior to 0.92.1 are vulnerable to these issues.
Exploit / POC
Currently we are not aware of any exploits for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
The vendor has released an update that addresses these vulnerabilities. Please see the references for more information.
Italk Italk Plus 0.92
- Italk italkplus-0.92.1.tar.gz
  http://downloads.sourceforge.net/italk/italkplus-0.92.1.tar.gz?modtime=1166030466&big_mirror=0
Italk Italk Plus 0.91
- Italk italkplus-0.92.1.tar.gz
  http://downloads.sourceforge.net/italk/italkplus-0.92.1.tar.gz?modtime=1166030466&big_mirror=0
References
References:
- Italk Project Page (Italk)
- Italk Project Security Advisory ITALK-SA-1-1 (Italk)
- Release Name: 0.92.1 (Italk)