Cybertrion Systems

[2/5] PWLib “PString::vsprintf()” Denial of Service Vulnerability

October 9th, 2007 by

Description:
A vulnerability has been discovered in PWLib, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused by an error within the "PString::vsprintf()" method in src/ptlib/common/contain.cxx. This can be exploited to cause memory corruption by, e.g., tricking an application using the library into calling this function with a string longer than 1000 bytes.

The vulnerability is confirmed in version 1.10.4-1 for Fedora Core 6. Other versions may also be affected.

Solution:
Use applications linked against PWLib in trusted environments and with trusted data only.

Provided and/or discovered by:
Reported in a Red Hat advisory.

Original Advisory:
http://rhn.redhat.com/errata/RHSA-2007-0932.html

Original post by nitish
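
The following is an added example, not PWLib source code: it shows two defensive ways to do printf-style formatting so that output longer than a 1000-byte scratch area cannot corrupt memory. The helper names (format_bounded, format_grow) are hypothetical, and the fixed scratch buffer is an assumption based on the 1000-byte figure above; the advisory does not describe the library's internals.

```cpp
// Added example: hypothetical helpers, not taken from PWLib.
#include <algorithm>
#include <cstdarg>
#include <cstdio>
#include <string>
#include <vector>

// Assumed scratch size, mirroring the 1000-byte figure in the advisory.
static const size_t kScratchSize = 1000;

// Bounded variant: vsnprintf never writes past the scratch buffer.
// Returns true only if the complete result fit; otherwise out is truncated.
bool format_bounded(std::string &out, const char *fmt, ...) {
    char scratch[kScratchSize];
    va_list ap;
    va_start(ap, fmt);
    int needed = std::vsnprintf(scratch, sizeof scratch, fmt, ap);
    va_end(ap);
    if (needed < 0) { out.clear(); return false; }   // encoding error
    out.assign(scratch, std::min<size_t>(needed, sizeof scratch - 1));
    return (size_t)needed < sizeof scratch;
}

// Growing variant: measure the required length first, then allocate exactly.
std::string format_grow(const char *fmt, ...) {
    va_list ap, ap2;
    va_start(ap, fmt);
    va_copy(ap2, ap);                       // a va_list can be consumed only once
    int needed = std::vsnprintf(nullptr, 0, fmt, ap);
    va_end(ap);
    if (needed < 0) { va_end(ap2); return std::string(); }
    std::vector<char> buf(needed + 1);      // +1 for the terminating NUL
    std::vsnprintf(buf.data(), buf.size(), fmt, ap2);
    va_end(ap2);
    return std::string(buf.data(), needed);
}

int main() {
    std::string big(5000, 'A');             // constructed oversized input
    std::string out;
    bool fit = format_bounded(out, "%s", big.c_str());
    std::printf("bounded: fit=%d len=%zu\n", fit, out.size());
    std::printf("grow: len=%zu\n", format_grow("user=%s", big.c_str()).size());
    return 0;
}
```

Callers of the bounded variant should treat a false return as an error rather than silently using the truncated string.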
