Описание
Stack-based buffer overflow in the LiveJournal support (hooks/ljhook.cc) in CenterICQ 4.9.11 through 4.21.0, when using unofficial LiveJournal servers, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by adding the victim as a friend and using long (1) username and (2) real name strings.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| centericq | fixed | 4.21.0-17 | package | |
| centericq | no-dsa | sarge | package |
Примечания
The bug really exist but, is not exploitable because the LiveJournal server
has a length restriction on both the username (15 characters) and the real name
(50 characters). In my opnion is only exploitable if the user try connect in
fake LiveJournal server. All version of Debian centericq packages have a
compromised code.
Связанные уязвимости
Stack-based buffer overflow in the LiveJournal support (hooks/ljhook.cc) in CenterICQ 4.9.11 through 4.21.0, when using unofficial LiveJournal servers, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by adding the victim as a friend and using long (1) username and (2) real name strings.
Stack-based buffer overflow in the LiveJournal support (hooks/ljhook.cc) in CenterICQ 4.9.11 through 4.21.0, when using unofficial LiveJournal servers, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by adding the victim as a friend and using long (1) username and (2) real name strings.
Stack-based buffer overflow in the LiveJournal support (hooks/ljhook.cc) in CenterICQ 4.9.11 through 4.21.0, when using unofficial LiveJournal servers, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by adding the victim as a friend and using long (1) username and (2) real name strings.