|
| TC: | 12027 | |
| Description: | Darxite is a daemon written by Ashley Montanaro, whose job is to retrieve files via FTP or HTTP. Versions up to 0.4 are vulnerable to buffer overflows. This buffer overflow has been proved to be usable for remote execution with daemon privileges. | |
| TC Impact: | Denial of Service |
| Vulnerability Publication: | August 22, 2000 | |
| Advisory Copyright: | Guido Bakker | |
| Summary: | A remote attacker can overflow the buffer and crash the system or execute arbitrary code as the user running the Darxite daemon. | |
| Risk: | High | |
| CVSS 2.0 metrics: | Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial | |
| CVSS 2.0 Base Score: | 7.5 |
| Vulnerability Impact: |
Attack Crash |
|---|
| Host Impact: | Daemon crashes. | |
| Nature of Remediation: | Update the software. |
| Step required to fix the reported vulnerability: | |
***** Solution type: Upgrade Software ***** The vendor has released fixes to address these issues. See references for more details. |
| References: | ||
| * BUGTRAQ: 20000821 Darxite daemon remote exploit/DoS problem http://archives.neohapsis.com/archives/bugtraq/2000-08/0256.html * BID: 1598 http://www.securityfocus.com/bid/1598 * XF: darxite-login-bo http://xforce.iss.net/xforce/xfdb/5134 * MISC: http://www.securityfocus.com/archive/1/77387 |
| CVE Link: |
CVE-2000-0846 |
 |
|---|
| Glossary: |
Buffer Overflow FTP HTTP |
|---|