Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-5177

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2008-5177
Last Modified 13 Aug 2009 01:27:38
Published 20 Nov 2008 10:30:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-5177

Summary

Stack-based buffer overflow in the DtbClsLogin function in Yosemite Backup 8.7 allows remote attackers to (1) execute arbitrary code on a Linux platform, related to libytlindtb.so; or (2) cause a denial of service (application crash) and possibly execute arbitrary code on a Windows platform, related to ytwindtb.dll; via a long username field during authentication.

Vulnerable Systems

Application

  • Insight-tech Yosemite Backup 8.7


References

XF - yosemitebackup-dtbclslogin-bo(46515)

BID - 32246

MISC - http://www.insight-tech.org/xploits/yosemiteStackOverflowExploit.zip

MISC - http://www.insight-tech.org/index.php?p=Yosemite-backup-8-7-DtbClsLogin-Buffer-Overflow-Vulnerability

SECUNIA - 32262

OSVDB - 49744

OSVDB - 49743


Last Updated: 27 May 2016 10:48:44