xtell Multiple Remote Buffer Overflow Vulnerabilities

xtell is a simple network messaging program. It may be used to transmit terminal messages between users and machines. xtell is available for Linux, BSD and most other Unix based operating systems.

Multiple buffer overflow vulnerabilities have been reported in some versions of xtell. If long strings are recieved by the xtell client, stack memory will be overwritten. Exploitation of these vulnerabilities may result in arbitrary code being executed as the xtell daemon.

Overflow conditions may be caused if long strings are sent by a malicious DNS server in response to the reverse lookup performed when a message is received, either through the auth string returned by the ident server, or through directly sending an overly long message to the vulnerable user.

Earlier versions of xtell may share some or all of these vulnerabilities. This has not been confirmed.


Privacy Statement
Copyright 2010, SecurityFocus