oss-sec mailing list archives

Re: CVE Request -- OpenDCHub v0.8.1 -- Stack overflow by handling a specially-crafted MyINFO message

From: Josh Bressers <bressers () redhat com>
Date: Mon, 5 Apr 2010 21:01:20 -0400 (EDT)


----- "Jan Lieskovsky" <jlieskov () redhat com> wrote:

Hi Steve, vendors

   (based on http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=576308)

   Pierre Nogues found a stack overflow flaw, in the way Open DC Hub
sanitized content of user's MyINFO message. Remote attacker,
with valid Open DC Hub account, could send a specially-crafted
MyINFO message to another user / all users connected to particular
Direct Connect network, leading into denial of service (opendchub
crash) or, potentially, to arbitrary code execution with the
privileges
of the user running opendchub.

References:
   [1]
http://www.indahax.com/exploits/opendchub-0-8-1-remote-code-execution-exploit#more-600
   [2] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=576308
   [3] https://bugzilla.redhat.com/show_bug.cgi?id=579206


Use CVE-2010-1147

Thanks.

-- 
    JB

Current thread:

CVE Request -- OpenDCHub v0.8.1 -- Stack overflow by handling a specially-crafted MyINFO message Jan Lieskovsky (Apr 03)
- Re: CVE Request -- OpenDCHub v0.8.1 -- Stack overflow by handling a specially-crafted MyINFO message Josh Bressers (Apr 05)