[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bugtraq
Subject:    PSR - #2004-001 Remote - LCDProc
From:       Priv8 Security Research <security () priv8security ! com>
Date:       2004-04-08 20:10:13
Message-ID: 4075B1A5.9070205 () priv8security ! com
[Download RAW message or body]

["final1.txt" (text/plain)]

***************************************************************************
 Priv8 Security Research - #2004-001   	  	  security@priv8security.com
 http://www.priv8security.com			  Adriano Lima
 February 22nd, 2004
---------------------------------------------------------------------------

Package Name: LCDproc
Vendor URL:  http://lcdproc.omnipotent.net
Date:  2004-02-22  
ID:  PSR-#2004-001
Affected Version: All Versions
Risk: HIGH

***************************************************************************

Package Description:

LCDproc is a software that displays real-time system information from your Linux/*BSD \
box on a LCD. The server supports several serial devices: Matrix Orbital, Crystal \
Fontz, Bayrad, LB216, LCDM001 (kernelconcepts.de), Wirz-SLI, Cwlinux(.com) and \
PIC-an-LCD; and some devices connected to the LPT port: HD44780, STV5730, T6963, \
SED1520 and SED1330. Various clients  that display things such as CPU load, system \
load, memory usage, uptime, and a lot more, are available.


Problem Description:

A remote exploitable buffer overflow that allows remote users to execute an arbitrary \
code was found on LCDd server. The problem appears on function \
parse_all_client_messages() of parse.c file, a loop does not check if MAXARGUMENTS \
were reached, causing the program to crash when lots of arguments are passed to the \
function.

Testing:

See proof of concept code on
http://www.priv8security.com/releases/priv8lcd44.pl

Solutions:

	It is recommended that all users upgrade to version 0.4.4 and install the follow \
patch coded by Rodrigo Rubira Branco.  \
http://www.priv8security.com/releases/lcdproc.patch


References (See also):
	http://www.priv8security.com/releases/lcdproc/lcdproc.adv1
	http://www.priv8security.com/releases/lcdproc/lcdproc.adv2
	http://www.priv8security.com/releases/lcdproc/lcdproc.patch
	http://www.priv8security.com/releases/lcdproc/priv8lcd44.pl


ADDITIONAL INSTRUCTIONS:
	Apply this patch against the latest version of lcdproc.


About Priv8 Security Research Group:
	Priv8 Security is a group of programmers and enthusiastic friends
new and motivated the security area.


Questions:
	If you have any questions, send a mail to security@priv8security.com

  Check out our mailing lists:
  <http://www.priv8security.com>


  The advisory itself is available at
  <http://www.priv8security.com/releases/lcdproc/lcdproc.adv1>


---------------------------------------------------------------------------
All advisories are signed with Priv8 GPG key. The key and instructions
on how to import it can be found at
http://www.priv8security.com
Instructions on how to check the signatures of the packages can be
found at http://www.priv8security.com

---------------------------------------------------------------------------
All our advisories and generic update instructions can be viewed at
http://www.priv8security.com

- -------------------------------------------------------------------------
Copyright (c) 2004 Priv8 Security
http://www.priv8security.com

---------------------------------------------------------------------------
subscribe: security@priv8security.com
unsubscribe: security@priv8security.com



[prev in list] [next in list] [prev in thread] [next in thread] 

Configure | About | News | Add a list | Sponsored by KoreLogic