PT-2008-6321 · Yosemite · Ytwindtb.Dll+2

Published: 2008-11-20 · Updated: 2024-02-14 · CVE-2008-5177

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Yosemite Backup version 8.7

Description: A stack-based buffer overflow issue exists in the DtbClsLogin function, allowing remote attackers to execute arbitrary code or cause a denial of service. This issue is related to the libytlindtb.so library on Linux platforms and the ytwindtb.dll library on Windows platforms. The overflow occurs when a long username field is provided during authentication.

Recommendations: For Yosemite Backup version 8.7, consider restricting access to the DtbClsLogin function until a patch is available. As a temporary workaround, limit the length of the username field to prevent buffer overflow exploitation.

Exploit

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2008-5177

Affected Products

Yosemite Backup
libytlindtb.so
ytwindtb.dll