Vendor: Canna
By: UNYUN (shadowpenguin@backsection.net)
CVSS: 7.5 (HIGH)
Buffer Overflow
CWE: 119
Product Name: Canna
Affected Version From: 3.5b2
Affected Version To: Unknown
Patch Exists: NO
Related CWE: Not provided
CPE: a:canna_project:canna:3.5b2
Platforms Tested: Linux
Unknown
Remote Buffer Overflow in Canna Package
By supplying an overly long username or groupname with the IR_INIT command, a remote attacker can trigger a buffer overflow. Successful exploitation enables the attacker to execute arbitrary code with the privileges of the user the canna server is running as.
Mitigation:
Upgrade to a version later than 3.5b2, if available. Otherwise, disable or remove the canna package.