Vulnerability CVE-2008-4193


Published: 2008-09-24   Modified: 2012-02-12

Description:
Stack-based buffer overflow in SecurityGateway.dll in Alt-N Technologies SecurityGateway 1.0.1 allows remote attackers to execute arbitrary code via a long username parameter.

See advisories in our WLB2 database:
Topic
Author
Date
High
SecurityGateway 1.0.1 (username) Remote Buffer Overflow PoC
securfrog
26.09.2008

Type:

CWE-119

(Improper Restriction of Operations within the Bounds of a Memory Buffer)

Vendor: Alt-n
Product: Securitygateway 
Version: 1.0.1;

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete

 References:
http://xforce.iss.net/xforce/xfdb/42769
http://www.vupen.com/english/advisories/2008/1717/references
http://www.securitytracker.com/id?1020156
http://www.securityfocus.com/bid/29457
http://www.milw0rm.com/exploits/5827
http://www.milw0rm.com/exploits/5718
http://securityreason.com/securityalert/4302
http://secunia.com/advisories/30497
http://files.altn.com/securitygateway/release/relnotes_en.htm

Related CVE
CVE-2008-6967
Multiple unspecified vulnerabilities in WorldClient in Alt-N MDaemon before 10.02 have unknown impact and attack vectors, probably related to cross-site scripting (XSS) and WorldClient DLL 10.0.1, a different vulnerability than CVE-2008-6893.
CVE-2008-6893
Cross-site scripting (XSS) vulnerability in Alt-N MDaemon WorldClient 10.0.2, when Internet Explorer 7 is used, allows remote attackers to inject arbitrary web script or HTML via a crafted img tag.
CVE-2007-3622
Unspecified vulnerability in DomainPOP in Alt-N Technologies MDaemon before 9.61 allows remote attackers to cause a denial of service (crash) via malformed messages.
CVE-2006-5968
MDaemon 9.0.5, 9.0.6, 9.51, and 9.53, and possibly other versions, installs the MDaemon application folder with insecure permissions (Users create files/directories), which allows local users to execute arbitrary code by creating malicious RASAPI32.D...
CVE-2006-5708
Multiple unspecified vulnerabilities in MDaemon and WorldClient in Alt-N Technologies MDaemon before 9.50 allow attackers to cause a denial of service (memory consumption) via unspecified vectors resulting in memory leaks.
CVE-2006-5709
Unspecified vulnerability in WorldClient in Alt-N Technologies MDaemon before 9.50 has unknown impact and attack vectors related to a "JavaScript exploit."
CVE-2006-4620
The useredit_account.wdm module in Alt-N WebAdmin 3.2.5 running with MDaemon 9.0.6, and possibly earlier versions, allows remote authenticated domain administrators to gain privileges and obtain access to the system mail queue by modifying the mailbo...
CVE-2006-4371
Multiple directory traversal vulnerabilities in Alt-N WebAdmin 3.2.3 and 3.2.4 running with MDaemon 9.0.5, and possibly earlier, allow remote authenticated global administrators to read arbitrary files via a .. (dot dot) in the file parameter to (1) ...

Copyright 2019, cxsecurity.com

 

Back to Top