oss-sec mailing list archives
Two remote DoS issues in linuxdcpp
From: Robert Buchholz <rbu () gentoo org>
Date: Mon, 30 Jun 2008 01:37:00 +0200
Hey, Linux DC++ (linuxdcpp) is a Direct Connect client based on the same client code as DC++, so it is vulnerable to the recently reported [1] NULL pointer dereference remote DoS via partial file list requests http://secunia.com/advisories/30812/ http://sourceforge.net/project/shownotes.php?release_id=608612&group_id=40287 https://bugs.launchpad.net/dcplusplus/+bug/238333 [Can't view] Patch for linuxdcpp: http://cvs.berlios.de/cgi-bin/viewcvs.cgi/linuxdcpp/linuxdcpp/client/ShareManager.cpp.diff?r1=1.14&r2=1.15&sortby=date [2] Empty message Remote DoS When an attacker sends an empty message, he can cause the client to abort with "std::out_of_range" in substr(). Patch for linuxdcpp: http://cvs.berlios.de/cgi-bin/viewcvs.cgi/linuxdcpp/linuxdcpp/client/NmdcHub.cpp.diff?r1=1.14&r2=1.15&sortby=date Robert
Attachment:
signature.asc
Description: This is a digitally signed message part.
Current thread:
- Two remote DoS issues in linuxdcpp Robert Buchholz (Jun 29)