gnuserv MIT-MAGIC-COOKIE Remote Buffer Overflow Vulnerability

gnuserv is a freely available client/server package included with XEmacs. gnuserv is currently maintained by Jan Vroonhof.

A flaw in gnuserv could allow a remote user to execute arbitrary code. gnuserv allows remote connections to a local session using the MIT-MAGIC-COOKIE authentication mechanism. However, the server trusts the remote side of the connection to send a magic cookie that fits within the size limits. No sanity checks are performed on the cookie, so a remote client could overflow the buffer that holds the cookie, or reduce the prefix length used for authentication to 1 byte, which makes the authentication trivial to brute-force.

This makes it possible for a remote user to initiate a connection to the gnuserv server and potentially execute code under the UID of the server.
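
The missing sanity checks described above, shown as an added example (not gnuserv's own code): a server-side check that accepts only a cookie of the exact expected size and always compares the full cookie. The 2-byte length-prefixed wire format, the names check_cookie and ct_equal, and the 16-byte cookie size (that of MIT-MAGIC-COOKIE-1) are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

#define COOKIE_LEN 16   /* assumed cookie size: 128 bits, as in MIT-MAGIC-COOKIE-1 */

enum auth_result { AUTH_OK = 0, AUTH_MALFORMED = -1, AUTH_DENIED = -2 };

/* Constant-time comparison over a length chosen by the server. */
static int ct_equal(const unsigned char *a, const unsigned char *b, size_t n)
{
    unsigned char diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

/*
 * Hypothetical wire format (an assumption, not gnuserv's protocol):
 * a 2-byte big-endian length followed by that many cookie bytes.
 * msg/msg_len is exactly what was read from the socket.
 */
enum auth_result check_cookie(const unsigned char *msg, size_t msg_len,
                              const unsigned char expected[COOKIE_LEN])
{
    unsigned char cookie[COOKIE_LEN];
    size_t claimed;

    if (msg == NULL || msg_len < 2)
        return AUTH_MALFORMED;
    claimed = ((size_t)msg[0] << 8) | msg[1];

    /* Accept only the exact size: a larger value would overflow cookie[],
     * a smaller one (such as 1) would shrink the comparison. */
    if (claimed != COOKIE_LEN)
        return AUTH_MALFORMED;
    /* The declared length must be backed by bytes actually received. */
    if (msg_len - 2 < claimed)
        return AUTH_MALFORMED;

    memcpy(cookie, msg + 2, COOKIE_LEN);
    /* Compare COOKIE_LEN bytes, never the client-supplied length. */
    return ct_equal(cookie, expected, COOKIE_LEN) ? AUTH_OK : AUTH_DENIED;
}
```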


