Netopia Timbuktu Buffer Overflow Lets Remote Users Crash the Service
|
|
SecurityTracker Alert ID: 1012268 |
|
SecurityTracker URL: http://securitytracker.com/id/1012268
|
|
CVE Reference:
CAN-2004-0810
(Links to External Site)
|
Date: Nov 19 2004
|
Impact:
Denial of service via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): prior to 7.0.4
|
Description:
A buffer overflow vulnerability was reported in Netopia's Timbuktu for Mac OS X. A remote user can cause the application to crash.
NISCC reported that a remote user can make multiple simultaneous connections to the target service and repeatedly send specially crafted data to the system to trigger a buffer overflow and cause the target service to crash.
The report credits Corsaire Ltd. with reporting this flaw.
|
Impact:
A remote user can cause the target server application to crash.
|
Solution:
The vendor has issued a fixed version (7.0.4).
|
Vendor URL: www.netopia.com/software/products/tb2/ (Links to External Site)
|
Cause:
Boundary error
|
Underlying OS:
UNIX (OS X)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Fri, 19 Nov 2004 09:20:03 -0500
Subject: http://www.uniras.gov.uk/vuls/2004/190204/index.htm
|
> NISCC Vulnerability Advisory 190204/NISCC/CORSAIRE/TIMBUKTU
NISCC reported a vulnerability in Netopia's Timbuktu for Mac OS X. A remote user
can cause the application to crash.
A remote user can make multiple simultaneous connections to the target service and
repeatedly send specially crafted data to the system to trigger a buffer overflow and
cause the target service to crash.
The report credits Corsaire Ltd. with reporting this flaw.
The vendor has issued a fixed version (7.0.4).
CVE: CAN-2004-0810
|
|
