openMosix userspace library stack-based buffer overflow

2008.04.17

Credit: Jose Carlos Norte

Risk: High

Local: No

Remote: Yes

CVE: CVE-2008-1865

CWE: CWE-119

CVSS Base Score: 1.9/10

Impact Subscore: 2.9/10

Exploitability Subscore: 3.4/10

Exploit range: Local

Attack complexity: Medium

Authentication: No required

Confidentiality impact: None

Integrity impact: None

Availability impact: Partial

title: openMosix userspace library stack-based buffer overflow
Discovered by: Jose Carlos Norte
There are a lot of buffer overflows present in the library of the openMosix project, documented at:
http://www.openmosixview.com/docs/openMosixAPI.html
The vulnerable code is in:
http://openmosix.cvs.sourceforge.net/openmosix/userspace-tools/moslib/li
bmosix.c?revision=1.6&view=markup
134 int64_t
135 msx_readnode(int node, const char *item)
136 {
137 char fn[40];
138 int64_t val;
139
140 if(!node && !(node = msx_read("/proc/hpc/admin/mospe")))
141 return(-1);
142 sprintf(fn, "/proc/hpc/nodes/%d/%s", node, item);
in line 142 there is no check against overflow in "item" argument.
Every applications using this library, can be vulnerable to attacks exploiting this flaw.

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

openMosix userspace library stack-based buffer overflow

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.