
PlanetIntra v2.5 Exploitable Buffer Overflow



Vulnerability

    PlanetIntra

Affected

    PlanetIntra v2.5

Description

    The following is based on Security Bulletin 010125.EXP.1.12 by
    S.A.F.E.R. A buffer overflow exists in the PlanetIntra software
    that allows remote execution of code.

    A buffer overflow (at least one, possibly more) exists in the 'pi'
    binary, which allows a remote user to execute commands on the
    target system.

    For example, a request like:

        GET /cgi-bin/pi?page=document/show_file&id=<A x 10024>

    will trigger the overflow.

    An exploit will be released in 2 weeks (this is subject to change).

Solution

    There is a patch for this.
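
    A defender-side check for the request pattern described above, as an
    added example that is not part of the original bulletin: it scans web
    server access-log lines (Common Log Format assumed) for requests to
    /cgi-bin/pi that carry an over-long query parameter. The 256-character
    limit, the function names and the sample log lines are assumptions
    constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

CGI_PATH = "/cgi-bin/pi"  # path taken from the bulletin's example request
MAX_PARAM_LEN = 256       # assumption: legitimate values are short; tune per site

# Request field of a Common/Combined Log Format line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>[^\s"]+)')

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [25/Jan/2001:10:00:00 +0000] '
    '"GET /cgi-bin/pi?page=document/show_file&id=42 HTTP/1.0" 200 5120',
    '198.51.100.7 - - [25/Jan/2001:10:00:05 +0000] '
    '"GET /cgi-bin/pi?page=document/show_file&id=' + "A" * 10024 + ' HTTP/1.0" 500 0',
    '192.0.2.11 - - [25/Jan/2001:10:00:09 +0000] "GET /index.html HTTP/1.0" 200 100',
]


def oversized_params(target, limit=MAX_PARAM_LEN):
    """Return {name: decoded length} for pi query parameters longer than limit."""
    parts = urlsplit(target)
    path = unquote(parts.path)
    if path != CGI_PATH and not path.startswith(CGI_PATH + "/"):
        return {}
    hits = {}
    # The bulletin says "at least one, possibly more" overflows exist,
    # so every parameter is measured, not only 'id'.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if len(value) > limit:
            hits[name] = max(len(value), hits.get(name, 0))
    return hits


def scan(lines, limit=MAX_PARAM_LEN):
    """Return a list of (client, parameter, length) for suspicious requests."""
    findings = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        client = line.split(" ", 1)[0]
        for name, length in oversized_params(match.group("target"), limit).items():
            findings.append((client, name, length))
    return findings


if __name__ == "__main__":
    for client, name, length in scan(SAMPLE_LOG):
        print(f"{client}: parameter '{name}' is {length} characters long")
```

    Lengths are measured after percent-decoding, so an encoded value is
    judged by the size the CGI would receive.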

