Info

Disclosure

Nov 04, 2005

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

GpsDrive contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered by a format string flaw within the friendsd2 server, due to a bad fprintf() call. It is possible that the flaw may allow arbitrary code execution resulting in a loss of integrity.

Classification

Location: Remote / Network Access, Local / Remote, Context Dependent
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Public

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

Fritz Ganter

GpsDrive

2.0.9

References

Milw0rm: 1290 1291
Exploit Database: 1290 1291
Secunia Advisory ID: 17473 17477 17626
CVE ID: 2005-3523 (see also: NVD)
Keyword: DMA[2005-1104a]
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0121.html
Other Advisory URL: http://lists.suse.com/archive/suse-security-announce/2005-Nov/0007.html
http://www.digitalmunition.com/DMA%5B2005-1104a%5D.txt
Vendor Specific Advisory URL: http://www.debian.org/security/2005/dsa-891
Vendor URL: http://www.gpsdrive.cc/

Credit

Kevin Finisterre - kfdigitalmunition.com -

Direct URL: http://osvdb.org/20531