SCO UnixWare i2odialogd daemon Username Authorization String Overflow

critical Nessus Plugin ID 10109

Synopsis

The remote host is running a daemon that is affected by a buffer overflow vulnerability.

Description

If a user sends a too long login/password combination to this i2odialogd server, then he will overflow the server's buffers.

An attacker can use this flaw to execute arbitrary code on the remote system.

Solution

The vendor has made a patch available.

See Also

https://seclists.org/bugtraq/1999/Dec/261

Plugin Details

Severity: Critical

ID: 10109

File Name: i2odialogd.nasl

Version: 1.27

Type: remote

Published: 12/22/1999

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Vulnerability Publication Date: 12/22/1999

Reference Information

CVE: CVE-2000-0026