BID:25460

SIDVault 'simple_bind()' Function Multiple Remote Buffer Overflow Vulnerabilities

Info

SIDVault 'simple_bind()' Function Multiple Remote Buffer Overflow Vulnerabilities

Bugtraq ID:	25460
Class:	Boundary Condition Error
CVE:	CVE-2007-4566
Remote:	Yes
Local:	No
Published:	Aug 27 2007 12:00AM
Updated:	Sep 15 2009 06:41PM
Credit:	Joxean Koret is credited with the discovery of this vulnerability.
Vulnerable:	Alpha Centauri Software SIDVault 2.0e (Windows) Alpha Centauri Software SIDVault 2.0d (Windows) Alpha Centauri Software SIDVault 2.0d (Linux) Alpha Centauri Software SIDVault 2.0c (Windows) Alpha Centauri Software SIDVault 2.0c (Linux)

Not Vulnerable:	Alpha Centauri Software SIDVault 2.0f (Windows) Alpha Centauri Software SIDVault 2.0f (Linux)

Discussion

SIDVault 'simple_bind()' Function Multiple Remote Buffer Overflow Vulnerabilities

SIDVault is prone to multiple remote buffer-overflow vulnerabilities because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

An attacker can exploit these issues to execute arbitrary code with superuser privileges. Successful exploits will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.

These issues affect versions prior to SIDVault 2.0f.

Exploit / POC

SIDVault 'simple_bind()' Function Multiple Remote Buffer Overflow Vulnerabilities

Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.

The following proofs of concept and exploits are available:

/data/vulnerabilities/exploits/25460-6.py
/data/vulnerabilities/exploits/25460.txt
/data/vulnerabilities/exploits/25460RootExploit.py
/data/vulnerabilities/exploits/25460-3.py
/data/vulnerabilities/exploits/25460-4.rb
/data/vulnerabilities/exploits/25460-5.py

Solution / Fix

SIDVault 'simple_bind()' Function Multiple Remote Buffer Overflow Vulnerabilities

Solution:
The vendor released SIDVault 2.0f to address this issue. Please see the references for more information.

Alpha Centauri Software SIDVault 2.0e (Windows)

Alpha Centauri Software sidvault20f.exe
http://www.alphacentauri.co.nz/download/sidvault20f.exe

Alpha Centauri Software SIDVault 2.0d (Linux)

Alpha Centauri Software sidvault20f_linuxlibc6.tar.gz
http://www.alphacentauri.co.nz/download/sidvault20f_linuxlibc6.tar.gz

References

SIDVault 'simple_bind()' Function Multiple Remote Buffer Overflow Vulnerabilities

References:

SIDVault Homepage (Alpha Centauri Software)
SIDVault LDAP Server Remote Buffer Overflow ([email protected])