Priv8 Security Research Advisory #2004-001 - All versions of LCDproc are vulnerable to a remotely exploitable buffer overflow that allows attackers to execute arbitrary code. The problem appears in function parse_all_client_messages() of parse.c file where a loop does not check if MAXARGUMENTS were reached, causing the program to crash when lots of arguments are passed to the function.
e6a3e47f9d3eb96f5fee396fb74b7e9a707654dae6aef17892ce43f2ff5ebf5c***************************************************************************
Priv8 Security Research - #2004-001 security@priv8security.com
http://www.priv8security.com Adriano Lima
February 22nd, 2004
---------------------------------------------------------------------------
Package Name: LCDproc
Vendor URL: http://lcdproc.omnipotent.net
Date: 2004-02-22
ID: PSR-#2004-001
Affected Version: All Versions
Risk: HIGH
***************************************************************************
Package Description:
LCDproc is a software that displays real-time system information from your
Linux/*BSD box on a LCD. The server supports several serial devices: Matrix
Orbital, Crystal Fontz, Bayrad, LB216, LCDM001 (kernelconcepts.de), Wirz-SLI,
Cwlinux(.com) and PIC-an-LCD; and some devices connected to the LPT port:
HD44780, STV5730, T6963, SED1520 and SED1330. Various clients that display
things such as CPU load, system load, memory usage, uptime, and a lot more,
are available.
Problem Description:
A remote exploitable buffer overflow that allows remote users to execute an
arbitrary code was found on LCDd server.
The problem appears on function parse_all_client_messages() of parse.c file, a
loop does not check if MAXARGUMENTS were reached, causing the program to crash
when lots of arguments are passed to the function.
Testing:
See proof of concept code on
http://www.priv8security.com/releases/priv8lcd44.pl
Solutions:
It is recommended that all users upgrade to version 0.4.4 and install
the follow patch coded by Rodrigo Rubira Branco.
http://www.priv8security.com/releases/lcdproc.patch
References (See also):
http://www.priv8security.com/releases/lcdproc/lcdproc.adv1
http://www.priv8security.com/releases/lcdproc/lcdproc.adv2
http://www.priv8security.com/releases/lcdproc/lcdproc.patch
http://www.priv8security.com/releases/lcdproc/priv8lcd44.pl
ADDITIONAL INSTRUCTIONS:
Apply this patch against the latest version of lcdproc.
About Priv8 Security Research Group:
Priv8 Security is a group of programmers and enthusiastic friends
new and motivated the security area.
Questions:
If you have any questions, send a mail to security@priv8security.com
Check out our mailing lists:
<http://www.priv8security.com>
The advisory itself is available at
<http://www.priv8security.com/releases/lcdproc/lcdproc.adv1>
---------------------------------------------------------------------------
All advisories are signed with Priv8 GPG key. The key and instructions
on how to import it can be found at
http://www.priv8security.com
Instructions on how to check the signatures of the packages can be
found at http://www.priv8security.com
---------------------------------------------------------------------------
All our advisories and generic update instructions can be viewed at
http://www.priv8security.com
- -------------------------------------------------------------------------
Copyright (c) 2004 Priv8 Security
http://www.priv8security.com
---------------------------------------------------------------------------
subscribe: security@priv8security.com
unsubscribe: security@priv8security.com
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed