oss-sec mailing list archives

Re: Two remote DoS issues in linuxdcpp

From: Robert Buchholz <rbu () gentoo org>
Date: Wed, 2 Jul 2008 02:03:36 +0200

On Tuesday 01 July 2008, Steven M. Christey wrote:

======================================================
Name: CVE-2008-2953
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2953
Reference:
CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=60861
2&group_id=40287 Reference:
CONFIRM:http://cvs.berlios.de/cgi-bin/viewcvs.cgi/linuxdcpp/linuxdcpp
/client/ShareManager.cpp.diff?r1=1.14&r2=1.15&sortby=date Reference:
SECUNIA:30812
Reference: URL:http://secunia.com/advisories/30812

Linux DC++ (linuxdcpp) before 0.707 allows remote attackers to cause
a denial of service (crash) via "partial file list requests" that
trigger a NULL pointer dereference.


That Secunia advisory is actually for the Windows version of DC++, which 
has a different versioning. I think you might want to expand that in 
the description.

Robert

Attachment: signature.asc
Description: This is a digitally signed message part.

Current thread:

Re: Two remote DoS issues in linuxdcpp Steven M. Christey (Jul 01)
- Re: Two remote DoS issues in linuxdcpp Robert Buchholz (Jul 01)