IP Filter ippool Buffer Overflow in 'lib/load_http.c' May Let Local Users Gain Elevated Privileges
|
|
SecurityTracker Alert ID: 1022272 |
|
SecurityTracker URL: http://securitytracker.com/id/1022272
|
|
CVE Reference:
CVE-2009-1476
(Links to External Site)
|
Date: May 22 2009
|
Impact:
User access via local system
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 4.1.31
|
Description:
A vulnerability was reported in IP Filter. A local user can obtain elevated privileges on the target system.
A local user can trigger a buffer overflow in 'lib/load_http.c' to potentially execute arbitrary code on the target system with elevated privileges.
The original advisory is available at:
http://securityreason.com/achievement_securityalert/62
Maksymilian Arciemowicz reported this vulnerability.
|
Impact:
A local user can obtain elevated privileges on the target system.
|
Solution:
A fix for NetBSD is available at:
http://cvsweb.netbsd.org/bsdweb.cgi/src/dist/ipf/lib/load_http.c?only_with_tag=MAIN
|
Vendor URL: coombs.anu.edu.au/ipfilter/ip-filter.html (Links to External Site)
|
Cause:
Boundary error
|
Underlying OS:
Linux (Any), UNIX (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Fri, 22 May 2009 16:41:02 -0400
Subject: ipfilter
|
http://securityreason.com/achievement_securityalert/62
CVE-2009-1476
|
|
