SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com





Category:   Application (Generic)  >   Open DC Hub Vendors:   opendchub.sourceforge.net
(Gentoo Issues Fix) DC Open Hub Buffer Overflow in RedirectAll Lets Remote Authenticated Administrators Execute Arbitrary Code
SecurityTracker Alert ID:  1012348
SecurityTracker URL:  http://securitytracker.com/id/1012348
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Nov 29 2004
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 0.7.14
Description:   Donato Ferrante reported a buffer overflow vulnerability in DC Open Hub. A remote authenticated administrator can execute arbitrary code on the target system.

It is reported that a remote authenticated administrator can set a specially crafted RedirectAll value to trigger the buffer overflow and execute arbitrary code.

A demonstration exploit is available at:

http://www.autistici.org/fdonato/poc/OpenDcHub[0714]BOF-poc.zip

The vendor has been notified without response.
Impact:   A remote authenticated administrator can execute arbitrary code on the target system.
Solution:   Gentoo has released a fix and indicates that all Open DC Hub users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-p2p/opendchub-0.7.14-r2"
Vendor URL:  opendchub.sourceforge.net/ (Links to External Site)
Cause:   Boundary error
Underlying OS:   Linux (Gentoo)

Message History:   This archive entry is a follow-up to the message listed below.
Nov 24 2004 DC Open Hub Buffer Overflow in RedirectAll Lets Remote Authenticated Administrators Execute Arbitrary Code


 Source Message Contents
Date:  Sun, 28 Nov 2004 15:09:32 -0500
Subject:  [gentoo-announce] [ GLSA 200411-37 ] Open DC Hub: Remote code execution



--=-tBdmCnpULUqjNZjv18eZ
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200411-37
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: Open DC Hub: Remote code execution
      Date: November 28, 2004
      Bugs: #72371
        ID: 200411-37

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=3D=3D=3D=3D=3D=3D=3D=3D

Open DC Hub contains a buffer overflow that can be exploited to allow
remote code execution.

Background
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

Open DC Hub is the hub software for the Direct Connect file sharing
network.

Affected packages
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

    -------------------------------------------------------------------
     Package            /   Vulnerable   /                  Unaffected
    -------------------------------------------------------------------
  1  net-p2p/opendchub      < 0.7.14-r2                   >=3D 0.7.14-r2

Description
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

Donato Ferrante discovered a buffer overflow vulnerability in the
RedirectAll command of the Open DC Hub.

Impact
=3D=3D=3D=3D=3D=3D

Upon exploitation, a remote user with administrative privileges can
execute arbitrary code on the system running the Open DC Hub.

Workaround
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

Only give administrative rights to trusted users.

Resolution
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

All Open DC Hub users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=3Dnet-p2p/opendchub-0.7.14-r2"

References
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

  [ 1 ] Full-Disclosure Advisory
        http://archives.neohapsis.com/archives/fulldisclosure/2004-11/1115.=
html

Availability
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200411-37.xml

Concerns?
=3D=3D=3D=3D=3D=3D=3D=3D=3D

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=3D=3D=3D=3D=3D=3D=3D

Copyright 2004 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0

--=-tBdmCnpULUqjNZjv18eZ
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQBBqjB7Rsm3eDkOu7kRAnFPAJ0YMzF2JshSfoxMHpnm9OKtyd+oVwCffhu+
I1YWWSP96zoYp0hLI8QQOek=
=/Ci4
-----END PGP SIGNATURE-----

--=-tBdmCnpULUqjNZjv18eZ--


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

Copyright 2012, SecurityGlobal.net LLC