PT-2006-7286 · Chet · Chetcpasswd
Publicado
2006-12-21
·
Atualizado
2010-07-16
·
CVE-2006-6685
CVSS v2.0
7.2
Alta
| Vetor | AV:L/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions:
chetcpasswd version 2.3.3
Description:
The issue is related to a heap-based buffer overflow that can be triggered by a long REMOTE ADDR environment variable, potentially allowing local users to cause a denial of service or possibly execute arbitrary code.
Recommendations:
For chetcpasswd version 2.3.3, consider restricting the length of the
REMOTE ADDR environment variable to prevent exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.Correção
Buffer Overflow
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Chetcpasswd