From 07be949893a1f93fc81f08e6c6c66d27026523ef Mon Sep 17 00:00:00 2001 From: rene Date: Sun, 19 Feb 2012 22:14:32 +0000 Subject: Document a remote code execution via a buffer overflow in PLIB. Security: CVE-2011-4620 --- security/vuxml/vuln.xml | 42 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) (limited to 'security') diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index c2afe920dd95..7782e9d93350 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -47,6 +47,48 @@ Note: Please add new entries to the beginning of this file. --> + + plib -- remote code execution via buffer overflow + + + torcs + 1.3.3 + + + plib + 1.8.5 + + + + +

Secunia reports:

+
+

A vulnerability has been discovered in PLIB, which can be + exploited by malicious people to compromise an application using + the library.

+

The vulnerability is caused due to a boundary error within the + "ulSetError()" function (src/util/ulError.cxx) when creating the + error message, which can be exploited to overflow a static + buffer.

+

Successful exploitation allows the execution of arbitrary code but + requires that the attacker can e.g. control the content of an + overly long error message passed to the "ulSetError()" function.

+

The vulnerability is confirmed in version 1.8.5. Other versions + may also be affected.

+
+ +
+ + CVE-2011-4620 + http://secunia.com/advisories/47297/ + http://torcs.sourceforge.net/index.php?name=News&file=article&sid=79 + + + 2011-12-21 + 2012-02-19 + +
+ phpMyAdmin -- XSS in replication setup -- cgit
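Review bot: the affected-package block lists torcs 1.3.3 alongside plib 1.8.5, but the quoted Secunia text only describes PLIB and never says how torcs is exposed. The torcs news URL in the references is the only hint, so a sentence in the description stating the relationship would let a reader of the entry judge whether their torcs install is affected. Since the advisory says the flaw is "confirmed in version 1.8.5" and that other versions may also be affected, please check that the plib range is inclusive of 1.8.5 and that the torcs bound of 1.3.3 is meant as the first fixed version rather than the last vulnerable one. Also confirm that the ampersands in the torcs.sourceforge.net URL are escaped as &amp; in vuln.xml so the file still validates.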