vendor:
OpenLink 3.2
by:
Anonymous
7.5
CVSS
HIGH
Buffer Overflow
120
CWE
Product Name: OpenLink 3.2
Affected Version From: 3.2
Affected Version To: 3.2
Patch Exists: YES
Related CWE: N/A
CPE: a:openlink:openlink_3.2
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Linux, WindowsNT
2001
OpenLink 3.2 Remote Buffer Overflow Vulnerability
OpenLink 3.2 is vulnerable to a remotely exploitable buffer overflow attack. The problem is in their web configuration utility, and is the result of an unchecked strcpy() call. The consequence is the execution of arbitrary code on the target host (running the configuration utility) with the priviliges of the web software. The exploit code is written in C and is designed to execute the /usr/bin/wall command on the target system.
Mitigation:
The vendor has released a patch to address this vulnerability.