Detections
Analytics

Citadel/UX select() Bitmap Array Index Remote Oerflow

critical Nessus Plugin ID 16245

Language:

Synopsis

The remote messaging service has a buffer overflow vulnerability.

Description

The remote host is running Citadel/UX, a messaging server for Unix.

The remote version of this software is vulnerable to a buffer overflow when performing a select() system call while providing very high file descriptors. A remote attacker may exploit this flaw to modify at least one byte in memory. This could lead to a denial of service, or possibly arbitrary code execution.

Solution

Upgrade to Citadel 6.29 or later.

See Also

https://seclists.org/fulldisclosure/2005/Jan/726

https://seclists.org/bugtraq/2005/Jan/301

Plugin Details

Severity: Critical

ID: 16245

File Name: citadel_select_overflow.nasl

Version: 1.15

Type: remote

Published: 1/25/2005

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 1/26/2005

Reference Information

BID: 12344

Secunia: 14026