Title: Cain & Abel RDP Decoder .rdp File Handling Overflow
Info
Dates
Disclosure: Nov 30, 2008
Discovery: Unknown
Exploit: Nov 30, 2008
Solution: Unknown
Description
A local overflow exists in the RDP Decoder of Cain & Abel v4.9.24 and earlier. The software fails to check buffer lengths when handling .rdp files, resulting in a stack overflow. With a specially crafted file, a context-dependent attacker can execute arbitrary code, resulting in a loss of confidentiality and integrity.
Classification
Location: Local Access Required, Context Dependent
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Upgrade
Exploit: Exploit Public
Disclosure: OSVDB Verified, Vendor Verified
OSVDB: Security Software
Solution
Upgrade to version 4.9.25 or higher, which has been reported to fix this vulnerability. An upgrade is required, as there are no known workarounds.