[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-Disclosure] SRT2003-12-04-0723 - PLDaniels Ebola remote overflow
- To: full-disclosure@lists.netsys.com
- Subject: [Full-Disclosure] SRT2003-12-04-0723 - PLDaniels Ebola remote overflow
- From: KF <dotslash@snosoft.com>
- Date: Thu, 04 Dec 2003 23:48:22 -0500
I am a little behind on the web page update but regardless here is the
*necessary* information. Technical details will be available by the
weekend.
-KF
Secure Network Operations, Inc. http://www.secnetops.com/research
Strategic Reconnaissance Team research@secnetops.com
Team Lead Contact kf@secnetops.com
Our Mission:
************************************************************************
Secure Network Operations offers expertise in Networking, Intrusion
Detection Systems (IDS), Software Security Validation, and
Corporate/Private Network Security. Our mission is to facilitate a
secure and reliable Internet and inter-enterprise communications
infrastructure through the products and services we offer.
To learn more about our company, products and services or to request a
demo of ANVIL FCS please visit our site at http://www.secnetops.com, or
call us at: 978-263-3829
Quick Summary:
************************************************************************
Advisory Number : SRT2003-12-04-0723
Product : PLDaniels/PLD Ebola
Version : ebola-0.1.4
Vendor : http://pldaniels.com/ebola/
Class : Remote
Criticality : High (to Ebola users)
Operating System(s) : *nix
Notice
************************************************************************
The full technical details of this vulnerability can be found at:
http://www.secnetops.com/research/advisories/SRT2003-12-04-0723.txt
Basic Explanation
************************************************************************
High Level Description : Ebola daemon contains a remote buffer overflow.
What to do : upgrade to ebola-0.1.5
Basic Technical Details
************************************************************************
Proof Of Concept Status : SNO has proof of concept.
Low Level Description : Ebola is a AntiVirus scanning daemon system
which offers to improve considerably the performance of scanning systems
such as AMaViS, Inflex and other such programs which require ondemand
scanning from various AV engines.
The Ebola daemon contains a remotely exploitable buffer overflow in its
authentication sequence.
This issue is caused by the handle_PASS() function in ebola.c
char outstr[100];
...
if (passwd) {
if (PASS_authenticate(username, passwd) == _PASS_OK) {
sprintf(outstr,"PASS NOT ACCEPTED for user \"%s\",
pass \"%s\".\n",username,passwd);
...
Please upgrade to version 0.1.5 of the ebola daemon.
Vendor Status : Paul L Daniels promptly responded to this issue,
a patch was available immediately after it was reported.
Bugtraq URL : To be assigned.
Disclaimer
----------------------------------------------------------------------
This advisory was released by Secure Network Operations,Inc. as a matter
of notification to help administrators protect their networks against
the described vulnerability. Exploit source code is no longer released
in our advisories but can be obtained under contract.. Contact our sales
department at sales@secnetops.com for further information on how to
obtain proof of concept code.
----------------------------------------------------------------------
Secure Network Operations, Inc. || http://www.secnetops.com
"Embracing the future of technology, protecting you."