Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-2903

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2011-2903
Last Modified 15 Sep 2011 12:00:00
Published 02 Sep 2011 12:55:05
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-2903

Summary

Heap-based buffer overflow in tcptrack before 1.4.2 might allow attackers to execute arbitrary code via a long command line argument. NOTE: this is only a vulnerability in limited scenarios in which tcptrack is "configured as a handler for other applications." This issue might not qualify for inclusion in CVE.

Vulnerable Systems

Application

  • Rhythm Tcptrack 1.0.0

  • Rhythm Tcptrack 1.0.1

  • Rhythm Tcptrack 1.0.2

  • Rhythm Tcptrack 1.1

  • Rhythm Tcptrack 1.1.0

  • Rhythm Tcptrack 1.1.1

  • Rhythm Tcptrack 1.1.2

  • Rhythm Tcptrack 1.1.3

  • Rhythm Tcptrack 1.1.4

  • Rhythm Tcptrack 1.1.5

  • Rhythm Tcptrack 1.2.0

  • Rhythm Tcptrack 1.3.0

  • Rhythm Tcptrack 1.4.0

  • Rhythm Tcptrack 1.4.1


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=729096

CONFIRM - http://www.rhythm.cx/~steve/devel/tcptrack/

CONFIRM - https://bugs.gentoo.org/show_bug.cgi?id=377917

XF - tcptrack-commandline-bo(69467)

BID - 49352

MLIST - [oss-security] 20110831 Re: CVE request: heap overflow in tcptrack < 1.4.2

MLIST - [oss-security] 20110809 Re: CVE request: heap overflow in tcptrack < 1.4.2


Last Updated: 27 May 2016 10:57:12