Info

Disclosure

May 18, 2005

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

A buffer overflow exists in Hummingbird InetD. LPD fails to validate large amounts of data resulting in a stack overflow. With a specially crafted request, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Patch / RCS
Exploit: Exploit Public, Exploit Commercial
Disclosure: Vendor Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Hummingbird has released a patch to address this vulnerability.

Products

Hummingbird	InetD	9.0.0.4
		10.0.0.1

References

Bugtraq ID: 13788 13790
Secunia Advisory ID: 15557
Related OSVDB ID: 16956
Metasploit ID: 16957
CVE ID: 2005-1815 (see also: NVD)
Vendor Specific News/Changelog Entry: http://connectivity.hummingbird.com/support/nc/exceed/ftpd_advisory.html?cks=y
Vendor Specific Advisory URL: http://connectivity.hummingbird.com/support/nc/exceed/lpdw_advisory.html?cks=y
Vendor URL: http://www.hummingbird.com/
Generic Exploit URL: http://www.saintcorporation.com/cgi-bin/exploit_info/hummingbird_lpd_bo

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/16957