Full Disclosure: [ADVISORY] ~ x Thu Mar 16 14:19:11 EST 2006 x ~ Heap Overflow in ISC OpenReg

From: Dude VanWinkle <dudevanwinkle_at_gmail.com>
Date: Thu, 16 Mar 2006 19:19:14 +0000 (GMT)

[ADVISORY] ~ x Thu Mar 16 14:19:11 EST 2006 x ~ Heap Overflow in ISC OpenReg

8======================D~~~~~~
I. Description
8======================D~~~~~~
It is possible to make ISC OpenReg crash or run arbitrary code by the use of malformed input.

8======================D~~~~~~
II. History
8======================D~~~~~~
2-23-2006 - Vendor Notification.
3-16-2006 - Public Disclosure.
8======================D~~~~~~
III. Workaround
8======================D~~~~~~
There was no identified workarounds regarding this vulnerability indentified.
8======================D~~~~~~
IV. Vendor Response
8======================D~~~~~~
ISC OpenReg is presented no identified commentary regarding this problem.
8======================D~~~~~~
V. CVE Information
8======================D~~~~~~
The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-296041 to this issue

8======================D~~~~~~
Appendix A Vendor Information
8======================D~~~~~~
http://www.isc.org/index.pl?/sw/openreg/

8======================D~~~~~~
Appendix B References
8======================D~~~~~~
RFC 863

8======================D~~~~~~
Contact
8======================D~~~~~~
Dude VanWinkle dudevanwinkle_at_gmail.com

GREM SSP-MPA GHTQ GWAS CAP

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Received on Mar 16 2006