SecurityTracker.com
Category:   Application (News)  >   newspost
Vendors:   Faulkner, Jim
Newspost Buffer Overflow in socket_getline() Lets Remote Users Crash the Process
SecurityTracker Alert ID:  1013056
SecurityTracker URL:  http://securitytracker.com/id/1013056
CVE Reference:   CVE-2005-0101
Date:  Feb 2 2005
Impact:   Denial of service via network, Execution of arbitrary code via network

Version(s): 2.1.1
Description:   A vulnerability was reported in newspost. A remote user can cause newspost to crash or potentially execute arbitrary code.

Niels Heinen reported that a remote server can trigger a buffer overflow in the socket_getline() function. A remote server can supply a specially crafted response to cause the connecting newspost process to crash. It may be possible to execute arbitrary code, but code execution was not confirmed in the report.

The flaw resides in 'base/socket.c'.
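
The defensive pattern for this class of boundary error, as an added example that is neither newspost's code nor the unofficial patch: a line reader that bounds every write by the destination capacity and treats an over-long server line as a protocol error. The names `read_line_bounded`, `demo_feed` and `LINE_*` are hypothetical, and the sample server lines are constructed.

```c
#include <errno.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

#define LINE_EOF      (-1)  /* peer closed or read failed before '\n' */
#define LINE_TOO_LONG (-2)  /* line does not fit; caller should drop the connection */

/* Hypothetical helper (not newspost's socket_getline): read one line from fd,
 * writing at most cap bytes into buf including the terminating NUL.
 * Returns the line length with CR/LF stripped, or a negative LINE_* code. */
ssize_t read_line_bounded(int fd, char *buf, size_t cap)
{
    size_t n = 0;
    char c;

    if (cap == 0) return LINE_EOF;
    for (;;) {
        ssize_t r = read(fd, &c, 1);
        if (r < 0 && errno == EINTR) continue;
        buf[n] = '\0';                       /* invariant: n < cap */
        if (r <= 0) return LINE_EOF;
        if (c == '\n') break;
        if (n + 1 >= cap) return LINE_TOO_LONG;  /* no room for c plus NUL */
        buf[n++] = c;
    }
    if (n > 0 && buf[n - 1] == '\r')
        buf[--n] = '\0';
    return (ssize_t)n;
}

/* Feed constructed "server" data through a pipe and read one line back. */
ssize_t demo_feed(const char *data, char *buf, size_t cap)
{
    int p[2];
    ssize_t r = LINE_EOF, w;

    if (pipe(p) != 0) return LINE_EOF;
    w = write(p[1], data, strlen(data));
    close(p[1]);                             /* reader sees EOF after the data */
    if (w >= 0) r = read_line_bounded(p[0], buf, cap);
    close(p[0]);
    return r;
}

int main(void)
{
    char buf[16];
    return demo_feed("200 ready\r\n", buf, sizeof buf) == 9 ? 0 : 1;
}
```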

Impact:   A remote NNTP server can cause the connecting newspost process to crash.
Solution:   No vendor solution was available at the time of this entry.

An unofficial patch is available at:

http://people.freebsd.org/~niels/issues/newspost-20050114.txt

Vendor URL:  newspost.unixcab.org/
Cause:   Boundary error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   None.

