Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.2
CVE Id CVE-2004-0238
Last Modified 05 Sep 2008 04:37:54
Published 23 Nov 2004 12:00:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2004-0238

Summary

Multiple buffer overflows in Overkill (0verkill) 0.15pre3 might allow local users to execute arbitrary code in the client via a long HOME environment variable in the (1) load_cfg and (2) save_cfg functions; possibly allow remote attackers to execute arbitrary code via long strings to (3) the send_message function; and, in the server, via (4) the parse_command_line function.

Vulnerable Systems

Application

  • 0verkill 0.16


References

XF - overkill-server-parsecommandline-bo(15000)

XF - overkill-client-multiple-bo(14999)

BID - 9550

MISC - http://www.securiteam.com/securitynews/5AP010KC0C.html

BUGTRAQ - 20040202 0verkill - little simple vulnerability.


Last Updated: 27 May 2016 10:38:32