BID:22652

NewsBin Pro NBI File Remote Buffer Overflow Vulnerabilities

Info

NewsBin Pro NBI File Remote Buffer Overflow Vulnerabilities

Bugtraq ID:	22652
Class:	Boundary Condition Error
CVE:	CVE-2007-1074
Remote:	Yes
Local:	No
Published:	Feb 21 2007 12:00AM
Updated:	May 12 2015 07:34PM
Credit:	Marsu <[email protected]> is credited with the discovery of these issues.
Vulnerable:	NewsBin Pro NewsBin Pro 5.33

Not Vulnerable:

Discussion

NewsBin Pro NBI File Remote Buffer Overflow Vulnerabilities

NewsBin Pro is prone to two remote buffer-overflow vulnerabilities because the application fails to properly sanitize user-supplied input prior to copying it to insufficiently sized memory buffers.

A remote attacker may exploit these vulnerabilities to execute arbitrary code. Failed exploit attempts will crash the affected application, denying service to legitimate users.

Exploit / POC

NewsBin Pro NBI File Remote Buffer Overflow Vulnerabilities

Exploit code has been provided for the 'DataPath' issue:

/data/vulnerabilities/exploits/22652.c

Solution / Fix

NewsBin Pro NBI File Remote Buffer Overflow Vulnerabilities

Solution:
Currently we are not aware of any vendor-supplied patches for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

References

NewsBin Pro NBI File Remote Buffer Overflow Vulnerabilities

References:

NewsBin Pro Homepage (NewsBin Pro )