Credit:
The information has been provided by The Zero Day Initiative (ZDI).
The original article can be found at: http://www.zerodayinitiative.com/advisories/ZDI-07-041.html
The specific flaw exists within the AdminSecure agent, which binds by default to TCP port 19226 or 19227. When processing traffic on the listening port, the agent trusts a user-supplied length value for a memory allocation. Specific size values can result in an integer overflow and, subsequently, an insufficient allocation size. This results in a heap-based buffer overflow that can be leveraged to execute arbitrary code.
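The bug class described above, shown as an added example that is not code from the advisory or from the vendor: an allocation size computed from a wire-supplied length wraps in 32-bit arithmetic, next to a version that bounds the length first. HDR_SIZE, MAX_PAYLOAD, the function names and the sample length are assumptions made for illustration; the advisory does not describe the agent's message format.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define HDR_SIZE    16u          /* assumed fixed per-message overhead */
#define MAX_PAYLOAD (1u << 20)   /* assumed protocol limit: 1 MiB */

/* Flawed pattern: 32-bit arithmetic on a length taken from the wire.
 * Returns the size that would be handed to the allocator. */
uint32_t unchecked_alloc_size(uint32_t wire_len)
{
    return wire_len + HDR_SIZE;  /* wraps modulo 2^32 for large wire_len */
}

/* Hardened: bound the length by a protocol limit and by the bytes actually
 * received before doing any arithmetic. Returns 0 on success, -1 on reject. */
int checked_alloc_size(uint32_t wire_len, size_t bytes_available, size_t *out)
{
    if (wire_len > MAX_PAYLOAD || wire_len > bytes_available)
        return -1;
    *out = (size_t)wire_len + HDR_SIZE;  /* cannot wrap: wire_len <= 1 MiB */
    return 0;
}

/* Copy a validated payload behind a zeroed header; NULL if rejected. */
unsigned char *read_message(const unsigned char *payload,
                            size_t bytes_available, uint32_t wire_len)
{
    size_t need;
    if (checked_alloc_size(wire_len, bytes_available, &need) != 0)
        return NULL;
    unsigned char *buf = calloc(1, need);
    if (buf != NULL)
        memcpy(buf + HDR_SIZE, payload, wire_len);
    return buf;
}

int main(void)
{
    uint32_t constructed = 0xFFFFFFF8u;  /* constructed sample length */
    unsigned char data[4] = {1, 2, 3, 4};
    printf("unchecked size: %u\n", (unsigned)unchecked_alloc_size(constructed));
    printf("checked path rejects: %s\n",
           read_message(data, sizeof data, constructed) == NULL ? "yes" : "no");
    return 0;
}
```

The unchecked computation yields a size far smaller than the claimed length, which is the mismatch that turns a later copy into a heap overflow; the checked path refuses the message before any allocation happens.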
Vendor Response:
Panda Software has issued an update to correct this vulnerability. More details can be found at: http://www.pandasoftware.com/Download/tree/
Disclosure Timeline:
2006.11.15 - Vulnerability reported to vendor
2007.07.24 - Digital Vaccine released to TippingPoint customers
2007.07.24 - Coordinated public release of advisory
CVE Information:
CVE-2007-3026