vendor:
Trillian
by:
Lance Fitz-Herbert
7.5
CVSS
HIGH
Buffer Overflow
120
CWE
Product Name: Trillian
Affected Version From: 0.73
Affected Version To: 0.74
Patch Exists: YES
Related CWE: N/A
CPE: a:cerulean_studios:trillian
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2002
Trillian Ident Server Buffer Overflow Vulnerability
When the ident server receives a malformed request that is 418 bytes or more in length, the client crashes and memory is corrupted. It may be possible for an attacker to exploit the resulting memory corruption to execute arbitrary instructions with the privileges of the ident server.
Mitigation:
Upgrade to the latest version of Trillian Ident Server.