DConnect Daemon Listen Thread UDP Remote Buffer Overflow Vulnerability

Vulnerability ID: 1110745
Vulnerability type: Buffer overflow
Published: 2006-08-06
Updated: 2006-08-15
CVE ID: CVE-2006-4125
CNNVD-ID: CNNVD-200608-204
Platform: Multiple
CVSS score: 7.5
|Vulnerability source
https://www.exploit-db.com/exploits/28344
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200608-204
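|Vulnerability details
The main.c program in DConnect Daemon 0.7.0 and earlier contains a stack-based buffer overflow. A remote attacker can execute arbitrary code by supplying an overly long nickname, because the listen_thread_udp function does not handle the nickname correctly.
|Exploit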
source: http://www.securityfocus.com/bid/19369/info

DConnect Daemon is prone to a buffer-overflow vulnerability because the library fails to do proper boundary checks before copying user-supplied data into a finite-sized buffer.

This issue allows remote attackers to execute arbitrary code within the context of the application or cause the application to crash, causing a denial of service.

Version 0.7.0, CVS July 30th 2006 and prior versions are vulnerable to this issue.

https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/28344.zip
|References

Source: XF
Name: dconnect-daemon-listenthreadudp-bo(28276)
Link: http://xforce.iss.net/xforce/xfdb/28276
Source: BID
Name: 19369
Link: http://www.securityfocus.com/bid/19369
Source: www.dc.ds.pg.gda.pl
Link: http://www.dc.ds.pg.gda.pl/
Source: BUGTRAQ
Name: 20060806 Multiple vulnerabilities in DConnect Daemon 0.7.0 (CVS 30 Jul 2006)
Link: http://www.securityfocus.com/archive/1/archive/1/442440/100/0/threaded
Source: VUPEN
Name: ADV-2006-3181
Link: http://www.frsirt.com/english/advisories/2006/3181
Source: www.dc.ds.pg.gda.pl
Link: http://www.dc.ds.pg.gda.pl/?page=doc&doc=changelog
Source: SECTRACK
Name: 1016641
Link: http://securitytracker.com/id?1016641
Source: SECUNIA
Name: 21384
Link: http://secunia.com/advisories/21384
Source: SREASON
Name: 1377
Link: http://securityreason.com/securityalert/1377