Citadel/UX USER Command Remote Overflow

Critical Nessus Plugin ID 13856

Synopsis

The remote messaging service has a buffer overflow vulnerability.

Description

The remote host is running Citadel/UX, a messaging server for Unix.

There is a buffer overflow in the remote version of this software that could be exploited by a remote attacker to create a denial of service, or execute arbitrary code.

To exploit this flaw, an attacker would need to provide a specially crafted argument to the USER command.

Solution

Upgrade to Citadel 6.24 or later.

See Also

https://seclists.org/bugtraq/2004/Jul/349

Plugin Details

Severity: Critical

ID: 13856

File Name: citadel_overflow.nasl

Version: 1.19

Type: remote

Published: 2004/07/30

Updated: 2018/11/15

Dependencies: 11153

Risk Information

Risk Factor: Critical

CVSS v2.0

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 2004/07/29

Reference Information

CVE: CVE-2004-1705

BID: 10833

Secunia: 12197