Info

Disclosure

Feb 10, 2012

Discovery

Unknown

Dates

Exploit

Feb 10, 2012

Solution

Unknown

Description

RabidHamster R2 is prone to an overflow condition. The 'file' command fails to properly sanitize user-supplied input resulting in a stack-based buffer overflow. With a specially crafted request containing an overly long file parameter, a remote attacker can potentially cause arbitrary code execution.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Solution Unknown
Exploit: Exploit Public
Disclosure: Uncoordinated Disclosure

Solution

OSVDB is not aware of a solution for this vulnerability.

Products

Gordon Williams

RabidHamster R2

1.65

References

CVE ID: 2012-1222 (see also: NVD)
Secunia Advisory ID: 47966
Bugtraq ID: 52061
ISS X-Force ID: 73113
Related OSVDB ID: 79094 79095
Other Advisory URL: http://aluigi.altervista.org/adv/r2_1-adv.txt
Vendor URL: http://www.rabidhamster.org/R2/index2.php

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/79093