Vulnwatch mailing list archives
SRT2003-12-04-0723 - PLDaniels Ebola remote overflow
From: KF <dotslash () snosoft com>
Date: Thu, 04 Dec 2003 23:48:34 -0500
I am a little behind on the web page update but regardless here is the *necessary* information. Technical details will be available by the weekend.
-KF
Secure Network Operations, Inc.       http://www.secnetops.com/research
Strategic Reconnaissance Team         research () secnetops com
Team Lead Contact                     kf () secnetops com

Our Mission:
************************************************************************
Secure Network Operations offers expertise in Networking, Intrusion
Detection Systems (IDS), Software Security Validation, and
Corporate/Private Network Security. Our mission is to facilitate a
secure and reliable Internet and inter-enterprise communications
infrastructure through the products and services we offer.

To learn more about our company, products and services or to request a
demo of ANVIL FCS please visit our site at http://www.secnetops.com, or
call us at: 978-263-3829

Quick Summary:
************************************************************************
Advisory Number         : SRT2003-12-04-0723
Product                 : PLDaniels/PLD Ebola
Version                 : ebola-0.1.4
Vendor                  : http://pldaniels.com/ebola/
Class                   : Remote
Criticality             : High (to Ebola users)
Operating System(s)     : *nix

Notice
************************************************************************
The full technical details of this vulnerability can be found at:
http://www.secnetops.com/research/advisories/SRT2003-12-04-0723.txt

Basic Explanation
************************************************************************
High Level Description  : Ebola daemon contains a remote buffer overflow.
What to do              : upgrade to ebola-0.1.5

Basic Technical Details
************************************************************************
Proof Of Concept Status : SNO has proof of concept.

Low Level Description   : Ebola is an AntiVirus scanning daemon system
which offers to improve considerably the performance of scanning systems
such as AMaViS, Inflex and other such programs which require on-demand
scanning from various AV engines. The Ebola daemon contains a remotely
exploitable buffer overflow in its authentication sequence.

This issue is caused by the handle_PASS() function in ebola.c

    char outstr[100];
    ...
    if (passwd) {
        if (PASS_authenticate(username, passwd) == _PASS_OK) {
            sprintf(outstr,"PASS NOT ACCEPTED for user \"%s\", pass \"%s\".\n",username,passwd);
    ...

Please upgrade to version 0.1.5 of the ebola daemon.

Vendor Status           : Paul L Daniels promptly responded to this
issue; a patch was available immediately after it was reported.

Bugtraq URL             : To be assigned.

Disclaimer
----------------------------------------------------------------------
This advisory was released by Secure Network Operations, Inc. as a matter
of notification to help administrators protect their networks against
the described vulnerability. Exploit source code is no longer released
in our advisories but can be obtained under contract. Contact our sales
department at sales () secnetops com for further information on how to
obtain proof of concept code.
----------------------------------------------------------------------
Secure Network Operations, Inc. || http://www.secnetops.com
"Embracing the future of technology, protecting you."
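
Added example, not part of the original advisory and not code from ebola.c or the vendor's 0.1.5 patch: the reply formatting from the snippet above written with a bounded write that detects input too long for the 100-byte buffer. The helper name format_pass_reply and the short fallback reply are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define OUTSTR_LEN 100   /* same size as outstr[] in the advisory's snippet */

/* Hypothetical helper, not taken from ebola.c.
 * Builds the reply with a bounded write. Returns 0 if the full message fit,
 * -1 if it did not (out then holds a short fixed reply instead).
 * out is always NUL-terminated when outlen > 0. */
int format_pass_reply(char *out, size_t outlen,
                      const char *username, const char *passwd)
{
    int n;

    if (out == NULL || outlen == 0)
        return -1;

    n = snprintf(out, outlen,
                 "PASS NOT ACCEPTED for user \"%s\", pass \"%s\".\n",
                 username ? username : "", passwd ? passwd : "");

    /* snprintf returns the length the full string needs; a value >= outlen
     * means the input did not fit and the output was cut short. */
    if (n < 0 || (size_t)n >= outlen) {
        snprintf(out, outlen, "PASS NOT ACCEPTED.\n");
        return -1;
    }
    return 0;
}

int main(void)
{
    char outstr[OUTSTR_LEN];
    char longpass[300];              /* constructed oversized input */

    memset(longpass, 'A', sizeof longpass - 1);
    longpass[sizeof longpass - 1] = '\0';

    if (format_pass_reply(outstr, sizeof outstr, "kf", longpass) != 0)
        fputs("oversized credentials rejected\n", stderr);
    fputs(outstr, stdout);
    return 0;
}
```

The fixed text of the message takes 40 bytes, so the unbounded sprintf() in the advisory's snippet runs past outstr[100] as soon as the two client-supplied strings total more than 59 bytes.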