Paul Daniels SignatureDB sdbscan Local Buffer Overflow Vulnerability
BID:9661
Info
Paul Daniels SignatureDB sdbscan Local Buffer Overflow Vulnerability
| Bugtraq ID: | 9661 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2004-0289 |
| Remote: | No |
| Local: | Yes |
| Published: | Feb 16 2004 12:00AM |
| Updated: | Jul 12 2009 05:56PM |
| Credit: | The disclosure of this issue has been credited to LynX <[email protected]>. |
| Vulnerable: |
Paul L Daniels SignatureDB 0.1.1 |
| Not Vulnerable: | |
Discussion
Paul Daniels SignatureDB sdbscan Local Buffer Overflow Vulnerability
It has been reported that SignatureDB 'sdbscan' program is prone to a local buffer overflow vulnerability that may allow an attacker to execute arbitrary code leading to elevated privileges. This issue is reportedly exploited by supplying an excessively long path for a database file to be used by the 'sdbscan' program that is then passed via the 'key' parameter of 'ringsearch.c' file.
It has been reported that SignatureDB 'sdbscan' program is prone to a local buffer overflow vulnerability that may allow an attacker to execute arbitrary code leading to elevated privileges. This issue is reportedly exploited by supplying an excessively long path for a database file to be used by the 'sdbscan' program that is then passed via the 'key' parameter of 'ringsearch.c' file.
Exploit / POC
Paul Daniels SignatureDB sdbscan Local Buffer Overflow Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution / Fix
Paul Daniels SignatureDB sdbscan Local Buffer Overflow Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
Paul Daniels SignatureDB sdbscan Local Buffer Overflow Vulnerability
References:
References:
- SignatureDB (Paul L Daniels)
- problems with database files in 'SignatureDB' (LynX <[email protected]>)