IDA Pro Remote Debugger Server contains a flaw that may allow a malicious user to bypass password functionality. It is possible that the flaw may allow the execution of arbitrary code under the context of the user that started the debugger server resulting in a loss of integrity.

DataRescue has released a patch to address this vulnerability.
Additionally, it is possible to correct the flaw by implementing the following workaround(s):
- The remote debugger server should not be left running when it is not in use.
- Access to the port used by the remote debugger server could be blocked with the use of a firewall.

• Security Tracker: 1017815
• CVE ID: 2007-1666 (see also: NVD)
• Bugtraq ID: 23114
• Secunia Advisory ID: 24635
• ISS X-Force ID: 33190
• VUPEN Advisory: ADV-2007-1089
• Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0354.html
• Other Advisory URL: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=492
• Vendor Specific Solution URL: http://www.datarescue.com/freefiles/ida_remdeb_fix_22032007.zip

• enhalos - iDefense Labs VCP