Full Disclosure mailing list archives
[ADVISORY] ~ x Thu Mar 16 14:19:11 EST 2006 x ~ Heap Overflow in ISC OpenReg
From: Dude VanWinkle <dudevanwinkle () gmail com>
Date: Thu, 16 Mar 2006 19:19:14 +0000 (GMT)
[ADVISORY] ~ x Thu Mar 16 14:19:11 EST 2006 x ~ Heap Overflow in ISC OpenReg 8======================D~~~~~~ I. Description 8======================D~~~~~~ It is possible to make ISC OpenReg crash or run arbitrary code by the use of malformed input. 8======================D~~~~~~ II. History 8======================D~~~~~~ 2-23-2006 - Vendor Notification. 3-16-2006 - Public Disclosure. 8======================D~~~~~~ III. Workaround 8======================D~~~~~~ There was no identified workarounds regarding this vulnerability indentified. 8======================D~~~~~~ IV. Vendor Response 8======================D~~~~~~ ISC OpenReg is presented no identified commentary regarding this problem. 8======================D~~~~~~ V. CVE Information 8======================D~~~~~~ The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-296041 to this issue 8======================D~~~~~~ Appendix A Vendor Information 8======================D~~~~~~ http://www.isc.org/index.pl?/sw/openreg/ 8======================D~~~~~~ Appendix B References 8======================D~~~~~~ RFC 863 8======================D~~~~~~ Contact 8======================D~~~~~~ Dude VanWinkle dudevanwinkle () gmail com GREM SSP-MPA GHTQ GWAS CAP _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- [ADVISORY] ~ x Thu Mar 16 14:19:11 EST 2006 x ~ Heap Overflow in ISC OpenReg Dude VanWinkle (Mar 16)