Multiple Vendor mopd User Inputted Data Used as Format String Vulnerability

A buffer overflow exists in the mopd daemon, shipped with a number of popular operating systems. By supplying a filename containing the proper format strings (% strings), it is possible for a remote attacker to overwrite values on the stack. It may be possible to use this capability to execute arbitrary code on the affected machine.

To check for a vulnerable version, inspect the mopProcessDL() function in process.c. If the pfile[] buffer is declared to be 17 bytes, the version is vulnerable.
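The flaw class described above, shown as an added example that is not mopd source code: a supplied filename used as the format string beside the hardened form that passes it only as data. The function names and the use of snprintf() into a buffer as a stand-in for a daemon's log call are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins for a daemon's log routine: each formats one message
 * into out[] so the result can be inspected. Hypothetical names, not mopd code. */

#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
#pragma GCC diagnostic ignored "-Wformat-nonliteral"
/* Flawed pattern: the peer-supplied filename IS the format string, so any
 * '%' directive in it is interpreted by the formatter. The pragmas silence
 * the compiler warnings that normally flag exactly this line. */
static int log_name_unsafe(char *out, size_t n, const char *name)
{
    return snprintf(out, n, name);
}
#pragma GCC diagnostic pop

/* Hardened pattern: constant format, filename passed only as an argument. */
static int log_name_safe(char *out, size_t n, const char *name)
{
    return snprintf(out, n, "%s", name);
}

/* Defensive pre-check: returns 1 if the name contains any '%' character,
 * which a boot image filename has no reason to carry. */
static int has_format_directive(const char *name)
{
    return strchr(name, '%') != NULL;
}

int main(void)
{
    /* Constructed input. "%%" consumes no argument, so even the unsafe call
     * is well-defined here; it still shows the input being interpreted. */
    const char *name = "boot%%img.sys";
    char a[64], b[64];

    log_name_unsafe(a, sizeof a, name);
    log_name_safe(b, sizeof b, name);
    printf("unsafe:  %s\nsafe:    %s\nflagged: %d\n",
           a, b, has_format_directive(name));
    return 0;
}
```

Building with -Wformat -Wformat-security (without the pragmas) makes the compiler report the unsafe call, which is a quick way to audit a source tree for this pattern.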


 

Copyright 2010, SecurityFocus