Aventail Connect Hostname Remote Buffer Overflow Vulnerability

Bugtraq ID:	23717
Class:	Boundary Condition Error
CVE:	CVE-2007-2434
Remote:	No
Local:	Yes
Published:	Apr 30 2007 12:00AM
Updated:	May 07 2015 05:39PM
Credit:	Thomas Pollet is credited with the discovery of this vulnerability.
Vulnerable:	Aventail Connect 4.1.2.13
Not Vulnerable:

Aventail Connect Hostname Remote Buffer Overflow Vulnerability

Aventail Connect is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker may exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts wlll result in a denial of service.

This issue affects Aventail Connect 4.1.2.13; other versions may also be affected.

Aventail Connect Hostname Remote Buffer Overflow Vulnerability

The following proof-of-concept is available:

ssh $(perl -e 'print 'a'x2200')

Aventail Connect Hostname Remote Buffer Overflow Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Aventail Connect Hostname Remote Buffer Overflow Vulnerability

References:

• Aventail Connect Homepage (Aventail)