Info

Disclosure

Jul 06, 2006

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

A local overflow exists in AdPlug . AdPlug fails to handle specialy crafted DMO files when unpacking them resulting in an heap overflow. A length value read directly in the header of the DMO file is not properly checked or sanitized when being used to allocate a buffer. A heap overflow could occur while unpacking the file allowing for the execution of arbitrary code.

Classification

Location: Local Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Rumored

Solution

Upgrade to version CVS 05 Jul 2006 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Simon Peter

AdPlug

2.0

References

CVE ID: 2006-3582 (see also: NVD)
Secunia Advisory ID: 20972 21238 21295 21869
Related OSVDB ID: 27042 27043 27045 27046 27047
Vendor URL: http://adplug.sourceforge.net/
Other Advisory URL: http://aluigi.altervista.org/adv/adplugbof-adv.txt
http://www.gentoo.org/security/en/glsa/glsa-200609-06.xml
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0108.html
Vendor Specific Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200607-13.xml

Credit

Luigi Auriemma - aluigiautistici.org - http://aluigi.altervista.org

Direct URL: http://osvdb.org/27044