SLRN Long Header Buffer Overflow Vulnerability

slrn is a freely available news group program, designed to provide an easy to use interface to the NNTP. It is included with many Linux distributions, and is maintained by the SLRN Development Team.

A problem in the program could result in a buffer overflow, and could lead to the execution of arbitrary code. The wrapping/unwrapping function is disabled by default. However, if this function is enabled, an overflow of the buffer holding the wrapped header may occur. This heap overflow could result in the execution of shellcode encoded into the header or the body of the message.

It may be possible for a malicious remote user to execute arbitrary code as the UID of the slrn process. This vulnerability could also allow an intruder local access as the UID of the slrn process.


Privacy Statement
Copyright 2010, SecurityFocus