AWFFull Unspecified Multiple Buffer Overflow Vulnerabilities

Bugtraq ID:	22215
Class:	Boundary Condition Error
CVE:
Remote:	Yes
Local:	No
Published:	Jan 24 2007 12:00AM
Updated:	Jan 25 2007 07:39PM
Credit:	The vendor disclosed these issues.
Vulnerable:	AWFFull AWFFull 3.7.1
Not Vulnerable:	AWFFull AWFFull 3.7.2

AWFFull Unspecified Multiple Buffer Overflow Vulnerabilities

AWFFull is prone to multiple buffer-overflow vulnerabilities because it fails to bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.

A successful exploit may lead to remote arbitrary code execution with the privileges of the vulnerable application. Failed exploit attemtps will likely result in denial-of-service conditions.

AWFFull 3.7.1 and prior versions are vulnerable to this issue.

AWFFull Unspecified Multiple Buffer Overflow Vulnerabilities

An attacker may exploit these issues using readily available network tools.

AWFFull Unspecified Multiple Buffer Overflow Vulnerabilities

Solution:
The vendor released version 3.7.2 to address these issues. Please see the references for more information.


AWFFull AWFFull 3.7.1

• AWFFull awffull-3.7.2.tar.gz
  http://www.stedee.id.au/files/awffull-3.7.2.tar.gz

AWFFull Unspecified Multiple Buffer Overflow Vulnerabilities

References:

• AWFFull Changes (AWFFull)
  
• AWFFull Homepage (AWFFull)