SecurityTracker.com
Category:   Application (Generic)  >   nd
Vendors:   Teranishi, Yuuichi
nd Buffer Overflow Lets Remote Servers Execute Arbitrary Code
SecurityTracker Alert ID:  1008616
SecurityTracker URL:  http://securitytracker.com/id/1008616
CVE Reference:   CVE-2004-0014
Updated:  Jul 6 2008
Original Entry Date:  Jan 6 2004
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 0.8.1 and prior versions
Description:   Several buffer overflow vulnerabilities were reported in the 'nd' WebDAV interface software. A remote user can execute arbitrary code.

It is reported that a remote user (acting as a WebDAV server) can cause arbitrary code to be executed on a connecting target system due to buffer overflows. The report indicates that long URLs, authentication realm, lock-token, and other values can trigger the flaw.
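A WebDAV client that stores server-supplied values such as the authentication realm in fixed-size buffers has to check their length before copying. The following is an added example, not nd's code and not from the vendor: a bounded extraction of the realm from a constructed WWW-Authenticate header, where the function name `extract_realm` and the 128-byte limit are assumptions.

```c
#include <stdio.h>
#include <string.h>

#define REALM_MAX 128 /* assumed limit for this example */

/* Extract the realm="..." value from a server-supplied WWW-Authenticate
 * header into out (outsz bytes). Returns 0 on success, -1 when the value is
 * missing, unterminated, or too long. Simplified: case-sensitive match,
 * backslash-escaped quotes are not handled. */
int extract_realm(const char *header, char *out, size_t outsz)
{
    static const char key[] = "realm=\"";
    const char *start, *end;
    size_t len;

    if (header == NULL || out == NULL || outsz == 0)
        return -1;
    out[0] = '\0';                 /* never leave stale data on failure */

    start = strstr(header, key);
    if (start == NULL)
        return -1;
    start += sizeof(key) - 1;

    end = strchr(start, '"');
    if (end == NULL)
        return -1;                 /* unterminated quoted string */

    len = (size_t)(end - start);
    if (len >= outsz)
        return -1;                 /* reject; do not truncate or overflow */

    memcpy(out, start, len);
    out[len] = '\0';
    return 0;
}

int main(void)
{
    char realm[REALM_MAX];
    char hostile[600] = "Basic realm=\"";      /* constructed input */
    size_t n = strlen(hostile);
    memset(hostile + n, 'A', 500);             /* 500-byte realm value */
    hostile[n + 500] = '"';
    hostile[n + 501] = '\0';
    printf("normal:  %d\n", extract_realm("Basic realm=\"dav\"", realm, sizeof realm));
    printf("hostile: %d\n", extract_realm(hostile, realm, sizeof realm));
    return 0;
}
```

The same length check applies to the other values the advisory names (URLs and lock-tokens); rejecting an oversized value is preferable to silently truncating it.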

Mr. ukai is credited by the vendor with reporting this flaw.

Impact:   A remote user with a malicious WebDAV server can cause arbitrary code to be executed on the target user's system when the target user connects to the malicious server.
Solution:   The vendor has released a fixed version (0.8.2), available at:

http://www.gohome.org/nd/
http://www.gohome.org/nd/nd-0.8.2.tar.gz

Vendor URL:  www.gohome.org/nd/
Cause:   Boundary error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Jan 6 2004 (Debian Issues Fix) nd Buffer Overflow Lets Remote Servers Execute Arbitrary Code
Debian has released a fix.



 Source Message Contents

Subject:  CVE: CVE-2004-0014


CVE: CAN-2004-0014

 > Warning!
 > nd version 0.8.1 or earlier has a buffer overflow vulnerability caused by
 > long URLs, authentication realm, lock-token, etc. This allows remote attackers
 > to execute arbitrary code on the host running this command. Please use 0.8.2
 > or later.

 > What's New
 > 0.8.2, 29 Nov 2003.
 >
 >     * Avoid another buffer overflow (Thanks to Mr. ukai).

http://www.gohome.org/nd/


 
 

