Published:2025/01/15  Last Updated:2025/01/15

JVNVU#92217718
Linux Ratfor vulnerable to stack-based buffer overflow

Overview

Linux Ratfor provided by the Dimensional Gate contains a stack-based buffer overflow vulnerability.

Products Affected

  • Linux Ratfor 1.06 and earlier

Description

Linux Ratfor provided by the Dimensional Gate contains a stack-based buffer overflow vulnerability (CWE-121).

Impact

When the software processes a special crafted file by an attacker, arbitrary code may be executed. As a result, the attacker may obtain or alter information of the user environment or cause the user environment to become unusable.

Solution

Update the software
Update the software to the latest version according to the information provided by the developer.
The developer has released the following versions that address the vulnerability.

  • Linux Ratfor 1.07

Vendor Status

Vendor Link
The Dimensional Gate Co. Linux ratfor

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

CVSS v3 CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score: 7.0
Attack Vector(AV) Physical (P) Local (L) Adjacent (A) Network (N)
Attack Complexity(AC) High (H) Low (L)
Privileges Required(PR) High (H) Low (L) None (N)
User Interaction(UI) Required (R) None (N)
Scope(S) Unchanged (U) Changed (C)
Confidentiality Impact(C) None (N) Low (L) High (H)
Integrity Impact(I) None (N) Low (L) High (H)
Availability Impact(A) None (N) Low (L) High (H)

Comment

This assumes an attack scenario in which a victim user is directed to process a crafted ratfor source code with the affected product.

Credit

Yuhei Kawakoya of NTT Social Informatics Laboratories / NTT Security Holdings Corporation reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE CVE-2024-55577
JVN iPedia