FD_SET structure and select function buffer overflow in multiple applications

fdset-select-bo (19077) The risk level is classified as High Risk

Description:

Multiple applications are vulnerable to a buffer overflow, caused by improper bounds checking by the select function and FD_SET operations. A remote attacker could overflow a buffer and cause a denial of service or possibly gain root privileges on the system.

Applications vulnerable to this buffer overflow include BNC version 2.8.4 (denial of service only), GnuGK version 2.2.0, jabber version 1.4.1, Dante version 1.1, Citadel/UX version 6.27, and 3Proxy version 0.4.

Any application running on Microsoft Windows or Linux operating systems using the fd_set structure could be vulnerable to this buffer overflow.
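
The missing check, shown as an added example (not code from this advisory or from any of the affected projects): on POSIX systems fd_set is a fixed bitmap of FD_SETSIZE bits, so a descriptor has to be range-checked before FD_SET touches it. The helper names `fdset_add_checked` and `build_read_set` and the sample descriptor list are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <sys/select.h>

/* Vulnerable pattern, for contrast: FD_SET(fd, &set) with no range check.
 * Any fd >= FD_SETSIZE indexes past the end of the fd_set bitmap. */

/* Hypothetical helper: add fd only if it fits in the bitmap.
 * Returns 0 on success, -1 if fd is out of range for fd_set. */
static int fdset_add_checked(int fd, fd_set *set, int *maxfd)
{
    if (fd < 0 || fd >= FD_SETSIZE)
        return -1;
    FD_SET(fd, set);
    if (fd > *maxfd)
        *maxfd = fd;
    return 0;
}

/* Hypothetical helper: build the read set for a list of descriptors.
 * Out-of-range descriptors are skipped and counted in *rejected so the
 * caller can close them instead of handing them to select().
 * Returns the nfds argument for select() (highest accepted fd + 1). */
static int build_read_set(const int *fds, size_t n, fd_set *set,
                          size_t *rejected)
{
    int maxfd = -1;
    size_t i;

    FD_ZERO(set);
    *rejected = 0;
    for (i = 0; i < n; i++)
        if (fdset_add_checked(fds[i], set, &maxfd) != 0)
            (*rejected)++;
    return maxfd + 1;
}

int main(void)
{
    /* Constructed input: two ordinary descriptors, one at the
     * FD_SETSIZE boundary, one negative. */
    const int fds[] = { 3, 7, FD_SETSIZE, -1 };
    fd_set set;
    size_t rejected;
    int nfds = build_read_set(fds, sizeof fds / sizeof fds[0], &set, &rejected);

    printf("nfds=%d rejected=%zu\n", nfds, rejected);
    return 0;
}
```

A server that accepts more connections than FD_SETSIZE allows should close the rejected descriptors or move to poll(), which has no fixed bitmap.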

Platforms Affected:

  • Citadel, UX 5.90
  • Citadel, UX 5.91
  • Citadel, UX 6.07
  • Citadel, UX 6.08
  • Citadel, UX 6.23
  • Citadel, UX 6.24
  • Citadel, UX 6.26
  • Citadel, UX 6.27
  • GnuGK Gnu Open Source Project, GnuGK 2.2.0
  • James Seter, BNC 2.8.4

Remedy:

For BNC version 2.8.4:

Upgrade to the latest version of BNC (2.9.3 or later), available from the BNC Web site. See References.

For Citadel/UX version 6.27:

Upgrade to the latest version of Citadel/UX (6.29 or later), available from the Citadel/UX Web site. See References.

For GnuGK version 2.2.0:

Upgrade to the latest version of GnuGK (2.2.1 or later), available from the GnuGK Web site. See References.

For other distributions:

Contact your vendor for upgrade or patch information.

Consequences:

Denial of Service

References:

  • BNC Web site, http://www.gotbnc.com at http://www.gotbnc.com.
  • BugTraq Mailing List, Mon Jan 24 2005 - 14:30:08 CST, SECURITY.NNOV: Multiple applications fd_set structure bitmap array index overflow at http://archives.neohapsis.com/archives/bugtraq/2005-01/0248.html.
  • Citadel/UX Web site, Citadel at http://uncnsrd.mt-kisco.ny.us/citadel/.
  • GnuGK Web site, OpenH323 Gatekeeper - The GNU Gatekeeper at http://www.gnugk.org/.
  • BID-12341: OpenH323 select() Bitmap Remote Buffer Overflow Vulnerability
  • BID-12344: Citadel/UX select() Bitmap Remote Buffer Overflow Vulnerability
  • BID-12345: RinetD select() Bit-Array Remote Buffer Overflow Vulnerability
  • BID-12346: Jabber select() Bitmap Remote Buffer Overflow Vulnerability
  • BID-12347: Blacklist Daemon BLD select() Bit-Array Remote Buffer Overflow Vulnerability
  • BID-12349: Inferno Nettverk Dante select() Bitmap Remote Buffer Overflow Vulnerability
  • BID-12350: NEC Socks5 select() Bit-Array Remote Buffer Overflow Vulnerability
  • BID-12351: 3proxy select() Bitmap Remote Buffer Overflow Vulnerability
  • BID-12374: BNC IRC Server Proxy select() Bit-Array Remote Buffer Overflow Vulnerability

Reported:

Jan 24, 2005

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.
