ESRI ArcSDE Server SPrintf Function Stack Buffer Overflow Vulnerability
BID:25334
Info
ESRI ArcSDE Server SPrintf Function Stack Buffer Overflow Vulnerability
| Bugtraq ID: | 25334 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2007-4278 |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 15 2007 12:00AM |
| Updated: | Aug 30 2007 12:32AM |
| Credit: | An anonymous researcher reported this issue. |
| Vulnerable: |
ESRI ArcSDE 9.2 SP2 ESRI ArcSDE 9.2 SP1 ESRI ArcSDE 9.2 |
| Not Vulnerable: |
ESRI ArcSDE 9.2 SP3 |
Discussion
ESRI ArcSDE Server SPrintf Function Stack Buffer Overflow Vulnerability
ESRI ArcSDE Server is prone to a stack-based buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.
An attacker can exploit this issue on an affected computer to execute code in the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
ArcSDE Server 9.2 is vulnerable; prior versions may also be affected.
ESRI ArcSDE Server is prone to a stack-based buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.
An attacker can exploit this issue on an affected computer to execute code in the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
ArcSDE Server 9.2 is vulnerable; prior versions may also be affected.
Exploit / POC
ESRI ArcSDE Server SPrintf Function Stack Buffer Overflow Vulnerability
Currently we are not aware of any working exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Currently we are not aware of any working exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution / Fix
ESRI ArcSDE Server SPrintf Function Stack Buffer Overflow Vulnerability
Solution:
The vendor released an update to address this issue. Please see the references for more information.
ESRI ArcSDE 9.2
ESRI ArcSDE 9.2 SP1
ESRI ArcSDE 9.2 SP2
Solution:
The vendor released an update to address this issue. Please see the references for more information.
ESRI ArcSDE 9.2
-
ESRI ArcSDE 9.2 Service Pack 3
http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.vie wPatch&PID=66&MetaID=1316
ESRI ArcSDE 9.2 SP1
-
ESRI ArcSDE 9.2 Service Pack 3
http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.vie wPatch&PID=66&MetaID=1316
ESRI ArcSDE 9.2 SP2
-
ESRI ArcSDE 9.2 Service Pack 3
http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.vie wPatch&PID=66&MetaID=1316
References
ESRI ArcSDE Server SPrintf Function Stack Buffer Overflow Vulnerability
References:
References: