blob: 5e7cfa91210cece73d5eaf8302fe8a20777ab0ab [file] [log] [blame]
<?xml version="1.0" encoding="utf-8"?>
<glsa id="200411-37">
<title>Open DC Hub: Remote code execution</title>
Open DC Hub contains a buffer overflow that can be exploited to allow
remote code execution.
<product type="ebuild">opendchub</product>
<announced>November 28, 2004</announced>
<revised>May 22, 2006: 02</revised>
<package name="net-p2p/opendchub" auto="yes" arch="*">
<unaffected range="ge">0.7.14-r2</unaffected>
<vulnerable range="lt">0.7.14-r2</vulnerable>
Open DC Hub is the hub software for the Direct Connect file sharing
Donato Ferrante discovered a buffer overflow vulnerability in the
RedirectAll command of the Open DC Hub.
<impact type="high">
Upon exploitation, a remote user with administrative privileges can
execute arbitrary code on the system running the Open DC Hub.
Only give administrative rights to trusted users.
All Open DC Hub users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=net-p2p/opendchub-0.7.14-r2&quot;</code>
<uri link="">Full-Disclosure Advisory</uri>
<uri link="">CVE-2004-1127</uri>
<metadata tag="submitter" timestamp="Sun, 28 Nov 2004 03:48:46 +0000">
<metadata tag="bugReady" timestamp="Sun, 28 Nov 2004 03:49:07 +0000">