Orb dimensions buffer overflow
| orb-dimensions-bo (41410) |  High Risk |
Description:
Orb is vulnerable to a heap-based buffer overflow, caused by an integer overflow error when parsing variant dimensions received within RPC requests. By sending a specially-crafted RPC request containing an overly large number of array dimensions, a remote attacker from within the local network could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
Platforms Affected:
- Orb, Orb 2.00.0014 and prior
Remedy:
Upgrade to the latest version of Orb (2.00.1084 or later), available from the Orb Web site. See References.
Consequences:
Gain Access
References:
- Orb Web site, MyCast your digital media with Orb 2.0 remote pc access software at http://www.orb.com/.
- Secunia Research 25/03/2008, Orb Networks Orb Variant Array Parsing Buffer Overflow at http://secunia.com/secunia_research/2008-5/advisory/.
- BID-28431: Orb Networks Orb RPC Request Remote Integer Overflow Vulnerability
- CVE-2008-0070: Integer overflow in Orb Networks Orb 2.00.1014 and Winamp Remote BETA allows remote attackers to execute arbitrary code via an RPC request that specifies a large number of array dimensions, which triggers a heap-based buffer overflow.
- SA28203: Orb Networks Orb Variant Array Parsing Integer Overflow
- VUPEN/ADV-2008-0984: Orb Networks Orb Variant Array Parsing Integer Overflow Vulnerability
Reported:
Mar 25, 2008
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net