Sysax Multi Server 'username' Field Buffer Overflow Vulnerability
BID:52190
Info
Sysax Multi Server 'username' Field Buffer Overflow Vulnerability
| Bugtraq ID: | 52190 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 27 2012 12:00AM |
| Updated: | Feb 27 2012 12:00AM |
| Credit: | Craig Freyman |
| Vulnerable: |
Codeorigin Sysax Multi Server 5.53 Codeorigin Sysax Multi Server 5.52 Codeorigin Sysax Multi Server 5.50 Codeorigin Sysax Multi Server 5.25 Codeorigin Sysax Multi Server 4.3 |
| Not Vulnerable: |
Codeorigin Sysax Multi Server 5.55 |
Discussion
Sysax Multi Server 'username' Field Buffer Overflow Vulnerability
Sysax Multi Server is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.
Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.
Sysax Multi Server 5.53 and prior versions are vulnerable.
Sysax Multi Server is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.
Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.
Sysax Multi Server 5.53 and prior versions are vulnerable.
Exploit / POC
Sysax Multi Server 'username' Field Buffer Overflow Vulnerability
The following exploit is available:
The following exploit is available:
Solution / Fix
Sysax Multi Server 'username' Field Buffer Overflow Vulnerability
Solution:
The vendor has released updates. Please see the references for details.
Solution:
The vendor has released updates. Please see the references for details.
References
Sysax Multi Server 'username' Field Buffer Overflow Vulnerability
References:
References:
- Sysax Multi Server Homepage (Codeorigin)
- Sysax Multi Server SSH Username Exploit (pwnag3)