ESignal Remote Buffer Overflow Vulnerability
BID:9978
Info
ESignal Remote Buffer Overflow Vulnerability
| Bugtraq ID: | 9978 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 25 2004 12:00AM |
| Updated: | Mar 25 2004 12:00AM |
| Credit: | Disclosure of this issue is credited to Vizzy <[email protected]>. |
| Vulnerable: |
eSignal eSignal 7.6 eSignal eSignal 7.5 |
| Not Vulnerable: |
eSignal eSignal 8.0 |
Discussion
ESignal Remote Buffer Overflow Vulnerability
It has been reported that eSignal is prone to a remote buffer overflow vulnerability. This issue is due to the application failing to verify the size of user input before storing it in a finite buffer.
This issue may be leveraged by an attacker to modify process memory. This may cause a denial of service condition in the process as a result of the memory manipulation. The attacker may further leverage this issue in order to execute arbitrary code; this code would be executed in the security context of the user running the affected process.
This issue is reported to affect versions 7.5 and 7.6 of the software. It is quite likely however that earlier versions are affected as well.
It has been reported that eSignal is prone to a remote buffer overflow vulnerability. This issue is due to the application failing to verify the size of user input before storing it in a finite buffer.
This issue may be leveraged by an attacker to modify process memory. This may cause a denial of service condition in the process as a result of the memory manipulation. The attacker may further leverage this issue in order to execute arbitrary code; this code would be executed in the security context of the user running the affected process.
This issue is reported to affect versions 7.5 and 7.6 of the software. It is quite likely however that earlier versions are affected as well.
Exploit / POC
ESignal Remote Buffer Overflow Vulnerability
The following exploit has been provided:
http://viziblesoft.com/insect/sploits/vz-eSignal76.pl
The following exploit has been provided:
http://viziblesoft.com/insect/sploits/vz-eSignal76.pl
Solution / Fix
ESignal Remote Buffer Overflow Vulnerability
Solution:
The vendor has released an upgrade dealing with this issue.
eSignal eSignal 7.5
Solution:
The vendor has released an upgrade dealing with this issue.
eSignal eSignal 7.5
-
eSignal esignal_76.exe
http://www.esignal.com/executables/esignal_76.exe
References
ESignal Remote Buffer Overflow Vulnerability
References:
References:
- Vendor Homepage (eSignal)
- eSignal v7 remote buffer overflow (exploit) (Vizzy
- Re: eSignal v7 remote buffer overflow (eSignal)