Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Sat, 03 Apr 2010 11:23:40 +0200
From: Jan Lieskovsky <jlieskov@...hat.com>
To: "Steven M. Christey" <coley@...us.mitre.org>
CC: oss-security <oss-security@...ts.openwall.com>,
        Roshan Kumar Singh <roshansingh@...rs.sourceforge.net>
Subject: CVE Request -- OpenDCHub v0.8.1 -- Stack overflow by handling a specially-crafted
 MyINFO message

Hi Steve, vendors

   (based on http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=576308)

   Pierre Nogues found a stack overflow flaw, in the way Open DC Hub
sanitized content of user's MyINFO message. Remote attacker,
with valid Open DC Hub account, could send a specially-crafted
MyINFO message to another user / all users connected to particular
Direct Connect network, leading into denial of service (opendchub
crash) or, potentially, to arbitrary code execution with the privileges
of the user running opendchub.

References:
   [1] http://www.indahax.com/exploits/opendchub-0-8-1-remote-code-execution-exploit#more-600
   [2] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=576308
   [3] https://bugzilla.redhat.com/show_bug.cgi?id=579206

Could you allocate a CVE id for this?

Thanks && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ