xtacacasd <= 4.1.2 buffer overflow

2009-09-15 / 2009-09-16
Credit: null
Risk: High
Local: No
Remote: Yes
CVE: CVE-2008-7232
CWE: CWE-119


CVSS Base Score: 10/10
Impact Subscore: 10/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

########## Luigi Auriemma Application: xtacacasd http://www.netplex-tech.com/software/xtacacsd Versions: <= 4.1.2 Platforms: *nix Bug: buffer-overflow in report() Exploitation: remote Date: 08 Jan 2008 Author: Luigi Auriemma e-mail: aluigi@autistici.org web: aluigi.org ########## 1) Introduction 2) Bug 3) The Code 4) Fix ########## =============== 1) Introduction =============== xtacacsd is an Unix TACACS server no longer supported. ########## ====== 2) Bug ====== From misc.c: #ifdef __STDC__ report (int priority, char *fmt, ...) #else report(priority, fmt, va_alist) int priority; char *fmt; va_dcl /* no terminating semi-colon */ #endif { char msg[256]; /* temporary string */ va_list ap; #ifdef __STDC__ va_start(ap, fmt); #else va_start(ap); #endif vsprintf (msg, fmt, ap); va_end(ap); ... ####################################################################### =========== 3) The Code =========== http://aluigi.org/poc/xtacacsdz.zip ########## ====== 4) Fix ====== No longer supported ##########

References:

http://xforce.iss.net/xforce/xfdb/39551
http://aluigi.org/poc/xtacacsdz.zip
http://aluigi.altervista.org/adv/xtacacsdz-adv.txt


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top