FreeVMS Backup Utility Unspecified Buffer Overflow Vulnerability

TITLE: FreeVMS Backup Utility Unspecified Buffer Overflow Vulnerability
CLASS: Boundary Condition Error
CVE:
REMOTE: No
LOCAL: Yes
PUBLISHED: Jun 05 2007 12:00AM
UPDATE: Jun 06 2007 05:20PM
CREDIT: The vendor disclosed this issue.
VULNERABLE:
FreeVMS FreeVMS 0.3.5
NOT VULNERABLE:
FreeVMS FreeVMS 0.3.6

Go to the original page on Security Focus

Discussion

The FreeVMS backup utility is prone to a buffer-overflow vulnerability because it fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

Successfully exploiting this issue allows attackers to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts likely result in denial-of-service conditions.

This issue affects versions prior to FreeVMS 0.3.6.

Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.

Solution

The vendor released version 0.3.6 to address this issue. Please see the references for more information.



References
