Main Menu
Network
Sponsor
Top 10 Sites
Partners
|
|
Top Submit newsSubscribe 
Communication | Computer Crime | Digital Audio, Video, Photo | General News | Hardware | Internet | Mobile | PDA | Security | Software | Vulnerability |
Previous articleBack to news listNext article
| Sponsored links | Want to become one of our authors and see your work published on ALLSeek.iNFO ?
| | mnoGoSearch Buffer Overflow in Processing Large Documents Lets Remote Users Execute Arbitrary Code |
|---|
Categorie: Vulnerability
Posted: 2004-02-16 by ReCall
Views: 415
Source: Click here
| Current Rating: Not rated
|
| | Details |
|---|
Description: A buffer overflow vulnerability was reported in mnoGoSearch. A user with the ability to place documents on the system can execute arbitrary code on the target system.
Frank Denis reported that when the search engine returns a large document that has been indexed, a buffer overflow can be triggered.
The flaw reportedly resides in the UdmDocToTextBuf() function in 'doc.c', where a fixed length buffer ('len') can be overflowed.
The vendor was reportedly notified on January 8, 2004.
Impact: A user with the ability to place documents on the system that will be indexed by the search engine can execute arbitrary code on the target system.
Solution: No vendor solution was available at the time of this entry.
The author indicates that as a workaround, you can set max size of every section in 'indexer.conf' to a value that is less than 10 kilobytes:
Section body 1 8192
Section title 2 128
Section meta.keywords 3 128
Section meta.description 4 128
...
| | Syndication |
|---|
Permalink Email this
The URI to TrackBack this entry is:
http://allseek.info/news/trackback.php?id=722
| | User comments (post your comments ) |
|---|
Only registerd members can post comments and articles
|
| Previous articleBack to news listNext article
|
|
|
|
InterJOB.su
|
