TinyMUX Fun_Ladd() Buffer Overflow Vulnerability
BID:23292
Info
| Bugtraq ID: | 23292 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2007-1655 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 28 2007 12:00AM |
| Updated: | Jun 23 2007 05:48PM |
| Credit: | duskwave discovered this issue. |
| Vulnerable: | TinyMUX TinyMUX 2.4; Debian Linux 4.0 sparc; Debian Linux 4.0 s/390; Debian Linux 4.0 powerpc; Debian Linux 4.0 mipsel; Debian Linux 4.0 mips; Debian Linux 4.0 m68k; Debian Linux 4.0 ia-64; Debian Linux 4.0 ia-32; Debian Linux 4.0 hppa; Debian Linux 4.0 arm; Debian Linux 4.0 amd64; Debian Linux 4.0 alpha |
| Not Vulnerable: | |
Discussion
TinyMUX is prone to a stack-based buffer-overflow vulnerability because the software fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized buffer.
An attacker can exploit this issue to crash the application and deny service to legitimate users. This issue may be leveraged to execute arbitrary code with the privileges of the application, but this has not been confirmed.
Version 2.4 is vulnerable; other versions may also be affected.
Exploit / POC
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution / Fix
Solution:
The vendor has released a fix for this issue in the SVN repository. Please see the references for more information.
TinyMUX TinyMUX 2.4
TinyMUX funmath.cpp
http://tinymux.googlecode.com/svn/trunk/mux/src/funmath.cpp
References
References:
- Buffer overflow in fun_ladd (TinyMUX)
- TinyMUX 2.4: CHANGES (TinyMUX)
- Vendor Homepage (TinyMUX)
- [SECURITY] [DSA 1317-1] New tinymux packages fix buffer overflow (Steve Kemp)