iBON Search Field Local Denial Of Service Vulnerability
BID:25133
Info
iBON Search Field Local Denial Of Service Vulnerability
| Bugtraq ID: | 25133 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Jul 30 2007 12:00AM |
| Updated: | Jul 31 2007 07:45PM |
| Credit: | Edi Strosar of TeamIntell is credited with the discovery of this issue. |
| Vulnerable: |
iBON iBON 2006 |
| Not Vulnerable: |
iBON iBON 2007 |
Discussion
iBON Search Field Local Denial Of Service Vulnerability
iBON is prone to a local denial-of-service vulnerability because it fails to perform adequate boundary checks on user-supplied input.
A successful exploit will consume CPU resources and cause the computer to become unresponsive.
NOTE: Attackers may be able to execute arbitrary code, but this hasn't been confirmed.
Versions prior to iBON 2007 are vulnerable.
iBON is prone to a local denial-of-service vulnerability because it fails to perform adequate boundary checks on user-supplied input.
A successful exploit will consume CPU resources and cause the computer to become unresponsive.
NOTE: Attackers may be able to execute arbitrary code, but this hasn't been confirmed.
Versions prior to iBON 2007 are vulnerable.
Exploit / POC
iBON Search Field Local Denial Of Service Vulnerability
To exploit this issue, an attacker must submit 32,800 bytes or more of data to the affected search field.
To exploit this issue, an attacker must submit 32,800 bytes or more of data to the affected search field.
Solution / Fix
iBON Search Field Local Denial Of Service Vulnerability
Solution:
The vendor has reportedly resolved this issue with a patch in iBON 2007. Please contact the vendor for details.
Solution:
The vendor has reportedly resolved this issue with a patch in iBON 2007. Please contact the vendor for details.
References
iBON Search Field Local Denial Of Service Vulnerability
References:
References:
- Vendor Homepage (iBON)
- TISA2007-07-Public iBON 2006 memory corruption (TeamIntell)