Zaptel SetHDLC.C Local Buffer Overflow Vulnerability
BID:26160
Info
Zaptel SetHDLC.C Local Buffer Overflow Vulnerability
| Bugtraq ID: | 26160 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2007-5690 |
| Remote: | No |
| Local: | Yes |
| Published: | Oct 22 2007 12:00AM |
| Updated: | May 07 2015 05:34PM |
| Credit: | Michal Bucko discovered this issue. |
| Vulnerable: |
Zapata Telephony Zapatel 1.4.5 .1 |
| Not Vulnerable: | |
Discussion
Zaptel SetHDLC.C Local Buffer Overflow Vulnerability
Zaptel is prone to a local buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.
Attackers can exploit this issue to execute arbitrary code with the privileges of the application using the library. Successful exploits can compromise affected applications and possibly the underlying computer. Failed exploit attempts will result in a denial of service.
Zaptel 1.4.5.1 is vulnerable; other versions may also be affected.
NOTE: Further reports indicate that an attacker would need superuser privileges to exploit this issue.
Zaptel is prone to a local buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.
Attackers can exploit this issue to execute arbitrary code with the privileges of the application using the library. Successful exploits can compromise affected applications and possibly the underlying computer. Failed exploit attempts will result in a denial of service.
Zaptel 1.4.5.1 is vulnerable; other versions may also be affected.
NOTE: Further reports indicate that an attacker would need superuser privileges to exploit this issue.
Exploit / POC
Zaptel SetHDLC.C Local Buffer Overflow Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Zaptel SetHDLC.C Local Buffer Overflow Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
Zaptel SetHDLC.C Local Buffer Overflow Vulnerability
References:
References:
- Vendor Homepage (Zapata Telephony)
- [ELEYTT] Public Advisory 20-10-2007 ("Michal Bucko"
- Zaptel 1.4.5.1 SetHDLC.c Local Buffer Overflow (Eleytt)