JVNVU#92217718
Linux Ratfor vulnerable to stack-based buffer overflow
Overview
Linux Ratfor provided by the Dimensional Gate contains a stack-based buffer overflow vulnerability.
Products Affected
- Linux Ratfor 1.06 and earlier
Description
Linux Ratfor provided by the Dimensional Gate contains a stack-based buffer overflow vulnerability (CWE-121).
Impact
When the software processes a file specially crafted by an attacker, arbitrary code may be executed. As a result, the attacker may obtain or alter information in the user environment or cause the user environment to become unusable.
Solution
Update the software
Update the software to the latest version according to the information provided by the developer.
The developer has released the following versions that address the vulnerability.
- Linux Ratfor 1.07
Vendor Status
Vendor | Link |
The Dimensional Gate Co. | Linux ratfor |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Attack Vector (AV) | Physical (P) | Local (L) | Adjacent (A) | Network (N) |
---|---|---|---|---|
Attack Complexity (AC) | High (H) | Low (L) | | |
Privileges Required (PR) | High (H) | Low (L) | None (N) | |
User Interaction (UI) | Required (R) | None (N) | | |
Scope (S) | Unchanged (U) | Changed (C) | | |
Confidentiality Impact (C) | None (N) | Low (L) | High (H) | |
Integrity Impact (I) | None (N) | Low (L) | High (H) | |
Availability Impact (A) | None (N) | Low (L) | High (H) | |
Comment
This assumes an attack scenario in which a victim user is directed to process crafted Ratfor source code with the affected product.
Credit
Yuhei Kawakoya of NTT Social Informatics Laboratories / NTT Security Holdings Corporation reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer.
Other Information
CVE | CVE-2024-55577 |