Inktomi Traffic Server Buffer Overflow Vulnerability

vendor:

Traffic Server

by:

SecurityFocus

7.5

CVSS

HIGH

Buffer Overflow

119

CWE

Product Name: Traffic Server

Affected Version From: 1.1.2000

Affected Version To: 1.1.2002

Patch Exists: YES

Related CWE: CVE-2002-0395

CPE: a:inktomi:traffic_server

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Unix, Linux, Microsoft Windows

2002

Inktomi Traffic Server Buffer Overflow Vulnerability

A buffer overflow vulnerability has been reported in the Inktomi Traffic Server. The vulnerability occurs in the traffic_manager binary included with Inktomi Traffic Server. Executing traffic_manager with an excessively long commandline argument will cause the buffer overflow condition. As traffic_manager is a setuid root binary, it is possible for a remote attacker to obtain root, or superuser, privileges on a compromised system.

Mitigation:

Upgrade to the latest version of Inktomi Traffic Server.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/5098/info

Inktomi Traffic Server is a transparent web caching application. It is designed for use with Unix and Linux variants as well as Microsoft Windows operating environments.

A buffer overflow vulnerability has been reported in the Inktomi Traffic Server. The vulnerability occurs in the traffic_manager binary included with Inktomi Traffic Server.

Reportedly, executing traffic_manager with an excessively long commandline argument will cause the buffer overflow condition. As traffic_manager is a setuid root binary, it is possible for a remote attacker to obtain root, or superuser, privileges on a compromised system. 

traffic_manager -path `perl -e 'print "A"x1720'` <