BID:39129

Open DC Hub 'MyInfo' Message Remote Stack Buffer Overflow Vulnerability

Info

Open DC Hub 'MyInfo' Message Remote Stack Buffer Overflow Vulnerability

Bugtraq ID:	39129
Class:	Boundary Condition Error
CVE:	CVE-2010-1147
Remote:	Yes
Local:	No
Published:	Mar 31 2010 12:00AM
Updated:	Apr 13 2015 09:16PM
Credit:	Pierre Nogues
Vulnerable:	Open DC Hub Open DC Hub 0.8.1 Gentoo Linux

Not Vulnerable:	Open DC Hub Open DC Hub 0.8.2

Discussion

Open DC Hub 'MyInfo' Message Remote Stack Buffer Overflow Vulnerability

Open DC Hub is prone to a remote stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

Exploit / POC

Open DC Hub 'MyInfo' Message Remote Stack Buffer Overflow Vulnerability

The following exploit is available:

/data/vulnerabilities/exploits/39129.py

Solution / Fix

Open DC Hub 'MyInfo' Message Remote Stack Buffer Overflow Vulnerability

Solution:
Updates are available. Please see the references for more information.

Open DC Hub Open DC Hub 0.8.1

Open DC Hub opendchub-0.8.2.tar.gz
http://sourceforge.net/projects/opendchub/files/Open%20DC%20Hub/0.8.2/ opendchub-0.8.2.tar.gz/download

References

Open DC Hub 'MyInfo' Message Remote Stack Buffer Overflow Vulnerability

References:

Open DC Hub Homepage (Open DC Hub)