CVE-2004-0238 - Multiple buffer overflows in Overkill (0verkill) 0.15pre3 might allow local users to execute arbitra

CVE-2004-0238

Summary

Multiple buffer overflows in Overkill (0verkill) 0.15pre3 might allow local users to execute arbitrary code in the client via a long HOME environment variable in the (1) load_cfg and (2) save_cfg functions; possibly allow remote attackers to execute arbitrary code via long strings to (3) the send_message function; and, in the server, via (4) the parse_command_line function.

References

Vulnerable Configurations

cpe:2.3:a:0verkill:0verkill:0.16:*:*:*:*:*:*:*
cpe:2.3:a:0verkill:0verkill:0.16:*:*:*:*:*:*:*

CVSS

Base:	7.2 (as of 11-07-2017 - 01:29)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:N/C:C/I:C/A:C

refmap via4

bid	9550
bugtraq	20040202 0verkill - little simple vulnerability.
fulldisc	20040202 0verkill - little simple vulnerability.
misc	http://www.securiteam.com/securitynews/5AP010KC0C.html
xf	overkill-client-multiple-bo(14999) overkill-server-parsecommandline-bo(15000)

Last major update

11-07-2017 - 01:29

Published

23-11-2004 - 05:00

Last modified

11-07-2017 - 01:29