Citadel/UX USER Command Remote Overflow

critical Nessus Plugin ID 13856

Synopsis

The remote messaging service has a buffer overflow vulnerability.

Description

The remote host is running Citadel/UX, a messaging server for Unix.

There is a buffer overflow in the remote version of this software that could be exploited by a remote attacker to create a denial of service, or execute arbitrary code.

To exploit this flaw, an attacker would need to provide a specially crafted argument to the USER command.

Solution

Upgrade to Citadel 6.24 or later.

See Also

https://seclists.org/bugtraq/2004/Jul/349

Plugin Details

Severity: Critical

ID: 13856

File Name: citadel_overflow.nasl

Version: 1.19

Type: remote

Published: 7/30/2004

Updated: 11/15/2018

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: E:POC/RL:OF/RC:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 7/29/2004

Reference Information

CVE: CVE-2004-1705

BID: 10833

Secunia: 12197