iMatix Xitami If-Modified-Since Remote Buffer Overflow Vulnerability
BID:25772
Info
iMatix Xitami If-Modified-Since Remote Buffer Overflow Vulnerability
| Bugtraq ID: | 25772 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2007-5067 |
| Remote: | Yes |
| Local: | No |
| Published: | Sep 24 2007 12:00AM |
| Updated: | Apr 16 2015 06:09PM |
| Credit: | Krystian Kloskowski is credited with discovering this issue. |
| Vulnerable: |
Imatix Xitami 2.5 |
| Not Vulnerable: | |
Discussion
iMatix Xitami If-Modified-Since Remote Buffer Overflow Vulnerability
Xitami is prone to a remote buffer-overflow vulnerability because the software fails to properly bounds-check user-supplied input before copying it into an insufficiently sized memory buffer.
Attackers may exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.
Xitami 2.5 is vulnerable to this issue; other versions may also be affected.
Xitami is prone to a remote buffer-overflow vulnerability because the software fails to properly bounds-check user-supplied input before copying it into an insufficiently sized memory buffer.
Attackers may exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.
Xitami 2.5 is vulnerable to this issue; other versions may also be affected.
Exploit / POC
iMatix Xitami If-Modified-Since Remote Buffer Overflow Vulnerability
An exploit is available for members of the Immunity Partner's program:
https://www.immunityinc.com/downloads/immpartners/xitami.tgz
UPDATE: Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product.
The following exploits are available:
An exploit is available for members of the Immunity Partner's program:
https://www.immunityinc.com/downloads/immpartners/xitami.tgz
UPDATE: Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product.
The following exploits are available:
Solution / Fix
iMatix Xitami If-Modified-Since Remote Buffer Overflow Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
iMatix Xitami If-Modified-Since Remote Buffer Overflow Vulnerability
References:
References:
- Xitami Homepage (iMatix)