FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

corkscrew -- buffer overflow vulnerability

Affected packages
corkscrew <= 2.0

Details

VuXML ID 67a1c3ae-ad69-11df-9be6-0015587e2cc1
Discovery 2010-08-21
Entry 2010-08-21

The affected corkscrew versions use sscanf calls without proper bounds checking. In the authentication file parsing routine this can cause an exploitable buffer overflow condition. A similar issue exists in the server response code but appears to be non-exploitable.
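The bug class described above, shown as an added example rather than corkscrew's own code: an unbounded `%s` conversion next to a width-limited one that also rejects over-long input instead of silently truncating it. The `AUTH_FIELD` limit, the `parse_auth_line` helper and the single `user:password` token format are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define AUTH_FIELD 63                 /* assumed limit, not corkscrew's own */
#define STR_(x) #x
#define STR(x) STR_(x)

/* Pattern the advisory describes (comment only, not compiled):
 *     char buf[AUTH_FIELD + 1];
 *     sscanf(line, "%s", buf);   -- no field width, so a longer token overruns buf
 */

/* Hypothetical helper: copy one "user:password" token from line into out.
 * Returns 0 on success, -1 if empty or malformed, -2 if the token is too long. */
int parse_auth_line(const char *line, char out[AUTH_FIELD + 1])
{
    int consumed = 0;

    out[0] = '\0';
    /* "%63s" stores at most 63 bytes plus the NUL; %n records where parsing stopped. */
    if (sscanf(line, "%" STR(AUTH_FIELD) "s%n", out, &consumed) != 1)
        return -1;

    /* A non-whitespace byte right after the token means the width cut it short. */
    if (line[consumed] != '\0' && strchr(" \t\r\n", line[consumed]) == NULL) {
        out[0] = '\0';
        return -2;
    }
    if (strchr(out, ':') == NULL) {
        out[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    /* Constructed sample inputs. */
    const char *samples[] = { "alice:s3cret\n", "nocolon\n", "" };
    char out[AUTH_FIELD + 1];

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%d\n", parse_auth_line(samples[i], out));
    return 0;
}
```

Deriving the field width from the same macro that sizes the buffer keeps the two from drifting apart when the limit is changed.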

References

URL http://people.freebsd.org/~niels/issues/corkscrew-20100821.txt