Buffer overflows in Skyline/SpinBox client

[tfheen () OPERA NO (Tollef Fog Heen)]

  There are some buffer overflows in SpinBox/1.1 (from the
  spin_server.conf).

  SpinBox is an SSI/cgi-tool used by advertisement companies, made by
  Skyline.

  Since this is closed source software, I can't post the sources.  The
  buffer overflows are mostly in the query string (strcat and strcpy
  instead of strncat and strncpy).

  The cgi-bin will usually run with an uid of nobody (most Unices) or
  www-data (Debian), so depending on configuration the severity might
  be none to possible defacing of web sites.

  If you use the SpinBox client (our ad provided is uniquemedia.net,
  thanks to them for providing sources and in general being helpful
  and responsive) with a version number less than 1.1, or haven't been
  notified in the last three weeks, you are vulnerable.

  Vendor is notified about three weeks ago.

--

Tollef Fog Heen
Unix _IS_ user friendly... It's just selective about who its friends are.