vendor:
Yapp Conferencing System
by:
Dave Bowman
7.2
CVSS
HIGH
Buffer Overflow
119
CWE
Product Name: Yapp Conferencing System
Affected Version From: 2.2
Affected Version To: 2.2
Patch Exists: NO
Related CWE: N/A
CPE: a:armidale_software:yapp_conferencing_system
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Linux
1998
Yapp Conferencing System Buffer Overflow Vulnerability
Armidale Software's Yapp Conferencing System is vulnerable to an environment variable related buffer overflow vulnerability in (at least) the Linux version. The consequence of the vulnerability being exploited is a local root compromise. The Yapp Conferencing System client handles environment variables without doing bounds checking, allowing one to overflow a buffer in the 'bbs' executable onto the stack. Using this technique, it is possible to obtain a shell running as the user which Yapp is setuid to (in some cases, root).
Mitigation:
Perform bounds checking on environment variables.