NapShare auto_filter_extern function buffer overflow
| napshare-autofilterextern-bo (18630) |  High Risk |
Description:
NapShare is vulnerable to a buffer overflow, caused by improper bounds checking in the auto_filter_extern function in the 'auto.c' file. By sending a specially-crafted gnutella response to NapShare, a remote attacker could overflow a buffer and execute arbitrary code on the system with privileges of the NapShare process.
Platforms Affected:
- NapShare, NapShare 1.2
Remedy:
No remedy available as of July 4, 2009.
Consequences:
Gain Access
References:
- NapShare Web page, NapShare at http://napshare.sourceforge.net/.
- University of Illinois Chicago Web site, NapShare 1.2 auto_filter_extern overflows filename buffer at http://tigger.uic.edu/~jlongs2/holes/napshare.txt.
- BID-11967: NapShare Remote Buffer Overflow Vulnerability
- CVE-2004-1286: Buffer overflow in the auto_filter_extern function in auto.c for NapShare 1.2, with the extern filter enabled, allows remote attackers to execute arbitrary code via a crafted gnutella response.
Reported:
Dec 16, 2004
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net