Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Application (Generic)  >   Axspawn-pam Vendors:   [Multiple Authors/Vendors]
Axspawn-pam Linux Login Module for Amateur Radio AX.25 Networks Has Buffer Overflow That May Give Remote Users Access to the Server
SecurityTracker Alert ID:  1003242
SecurityTracker URL:
CVE Reference:   CVE-2002-2098   (Links to External Site)
Updated:  May 19 2008
Original Entry Date:  Jan 15 2002
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior 0.2.1a-dl1bke-eb7gwl-dik342
Description:   A buffer overflow vulnerability was reported in Axspawn-pam, a Linux-based login access utility for AX.25 ham radio packet networks. A remote user could execute arbitrary code on the server and gain access to the server.

It is reported that the AXSpawn program does not properly check the input length of incoming packets, according to SecurityFocus. As a result, a remote user could send a malicious packet to trigger a buffer overflow and execute arbitrary code with 'login' user privileges.

Impact:   A remote user can execute arbitrary code with 'login' user privileges to gain access to the server.
Solution:   Upgrade to the fixed version (0.2.1a-dl1bke-eb7gwl-dik342), available at the Vendor URL.
Vendor URL: (Links to External Site)
Cause:   Boundary error
Underlying OS:  Linux (Any)

Message History:   None.

 Source Message Contents

Subject:  Axspawn buffer overflow

axspawn-pam is an enhanced version of axspawn for linux.



- Some little changes in the documentation since I've now got a
- I've added some code in axspawn.c to avoid a possible buffer overflow.


Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, LLC