Bidwatcher Format String Error in 'netstuff' May Let Remote Users Execute Arbitrary Code in Certain Cases
SecurityTracker Alert ID: 1013239
SecurityTracker URL: http://securitytracker.com/id/1013239
CVE Reference: CAN-2005-0158
Date: Feb 18 2005
Impact: Execution of arbitrary code via network, User access via network
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): 1.3.16 and prior versions
Description:
A format string vulnerability was reported in Bidwatcher. A remote user may be able to execute arbitrary code on the target system in certain cases.
The code in 'netstuff.cpp' does not properly apply a format string specifier in a printf() statement that processes HTTP header data. A remote eBay web server (or a remote server spoofing an eBay server) can supply a specially crafted header value to trigger the flaw and execute arbitrary code on the target system. The code will run with the privileges of the Bidwatcher process.
The vendor reported this vulnerability.
Ulf Harnhammar from the Debian Security Audit Project discovered this vulnerability.
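The flaw class described above, shown as an added example that is not Bidwatcher's code: the vulnerable call shape appears only in a comment, next to the hardened form that passes the header value as a `%s` argument and a small audit helper. The function names `log_header_safe` and `count_format_directives` and the sample header are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Added illustration, not Bidwatcher source. All names are hypothetical.
 *
 * Vulnerable shape (comment only, do not compile in):
 *     snprintf(out, outlen, header_value);
 * The server-supplied header is used as the format string, so printf
 * interprets any conversion specifier it contains. */

/* Hardened shape: the format is a constant literal and the untrusted
 * header value is passed strictly as data for %s. */
int log_header_safe(char *out, size_t outlen, const char *header_value)
{
    return snprintf(out, outlen, "HTTP header: %s", header_value);
}

/* Audit helper: count printf conversion directives in an untrusted
 * string. "%%" is a literal percent sign and is not counted; a lone
 * trailing '%' is ignored. */
int count_format_directives(const char *s)
{
    int n = 0;
    for (; *s != '\0'; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {      /* escaped percent: skip both characters */
            s++;
            continue;
        }
        if (s[1] != '\0')
            n++;
    }
    return n;
}

/* Constructed sample header value containing conversion specifiers. */
static const char SAMPLE_HEADER[] = "text/html; %x%x%s 100%%";

int main(void)
{
    char line[128];
    log_header_safe(line, sizeof line, SAMPLE_HEADER);
    printf("%s\n", line);   /* header text appears verbatim */
    printf("directives in header: %d\n",
           count_format_directives(SAMPLE_HEADER));
    return 0;
}
```

GCC and Clang report the vulnerable call shape at build time when compiled with `-Wformat -Wformat-security`.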
Impact:
A remote eBay web server (or a remote server that is spoofing an eBay web server) can execute arbitrary code on the target user's system. The code will run with the privileges of the Bidwatcher process.
Solution:
The vendor has issued a fixed version (1.3.17), available at:
http://sourceforge.net/project/showfiles.php?group_id=2973
Vendor URL: bidwatcher.sourceforge.net/
Cause:
Input validation error, State error
Underlying OS:
Linux (Any), UNIX (Any)
Source Message Contents
Date: Fri, 18 Feb 2005 10:01:46 -0500
Subject: [none]
> Changes to bidwatcher
> 2/17/05
> * Fix potential security bug in versions <= 1.3.16 (CAN-2005-0158).