Info

Disclosure

Sep 06, 2004

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

gnubiff contains a flaw that may allow a remote denial of service. The issue is triggered when processing UIDL lists, which may allow a remote attacker to crash the process with excessive UIDL requests, and will result in loss of availability for the service.

Classification

Location: Remote / Network Access
Attack Type: Denial of Service
Impact: Loss of Availability
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

Upgrade to version 2.0.0 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Nicolas Rougier

gnubiff

1.4.0

References

Bugtraq ID: 11123
Secunia Advisory ID: 12445
ISS X-Force ID: 17282
CVE ID: 2004-2460 (see also: NVD)
Vendor URL: http://gnubiff.sourceforge.net/
Vendor Specific Advisory URL: http://gnubiff.sourceforge.net/changelog.php

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/9731