J-Security Center

Title: ADA IMGSVR GET Request Buffer Overflow Vulnerability

Severity: HIGH

Description:

ImgSvr is a server that allows remote users to browse and share image files. It is freely available under the GNU Public License for Linux and Microsoft Windows.

A vulnerability has been reported in ImgSvr that may allow a remote attacker to corrupt local process memory, potentially leading to arbitrary code execution. This issue is due to a failure of the application to properly validate the size of user-supplied HTTP requests.

The problem presents itself when an HTTP GET request containing an excessively long string is submitted to the application. It is reported that a GET request of approximately 2112 bytes is sufficient to trigger this issue.

Successful exploitation would immediately produce a denial of service condition in the affected process. This issue may also be leveraged to execute code on the affected system within the security context of the user running the vulnerable process.
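
The following C example is added here and is not code from ImgSvr or from this advisory; it shows the request-size validation the description says is missing, rejecting an oversized GET with a 414 status before anything is copied into a fixed buffer. The limits (MAX_REQUEST_LINE, the 256-byte target buffer), the function names and the constructed sample request are assumptions made for the example.

```c
#include <stddef.h>
#include <string.h>

#define MAX_REQUEST_LINE 1024   /* assumed limit, chosen for this example */
enum { REQ_OK = 200, REQ_BAD = 400, REQ_TOO_LONG = 414 };

/* Copy the request line (text before the first CRLF) into line[cap].
 * The length is checked while scanning, before anything is copied. */
int read_request_line(const char *in, size_t in_len, char *line, size_t cap)
{
    size_t n = 0;
    if (cap == 0) return REQ_BAD;
    while (n + 1 < in_len && !(in[n] == '\r' && in[n + 1] == '\n'))
        if (++n >= cap || n > MAX_REQUEST_LINE)
            return REQ_TOO_LONG;         /* reject; nothing was copied */
    if (n + 1 >= in_len) return REQ_BAD; /* no CRLF terminator received */
    memcpy(line, in, n);                 /* n < cap holds here */
    line[n] = '\0';
    return REQ_OK;
}

/* Extract the target of "GET <target> HTTP/x.y" into target[cap]. */
int parse_get_target(const char *line, char *target, size_t cap)
{
    const char *end;
    size_t len;
    if (strncmp(line, "GET ", 4) != 0) return REQ_BAD;
    end = strchr(line + 4, ' ');
    if (end == NULL || end == line + 4) return REQ_BAD;
    len = (size_t)(end - (line + 4));
    if (len >= cap) return REQ_TOO_LONG;
    memcpy(target, line + 4, len);
    target[len] = '\0';
    return REQ_OK;
}

/* Constructed sample: status for a GET whose target is uri_len bytes long. */
int status_for_get(size_t uri_len)
{
    static char req[4096];
    char line[MAX_REQUEST_LINE + 1], target[256];
    int rc;
    if (uri_len == 0 || uri_len > sizeof req - 32) return REQ_BAD;
    memcpy(req, "GET /", 5);
    memset(req + 5, 'A', uri_len - 1);
    memcpy(req + 4 + uri_len, " HTTP/1.0\r\n\r\n", 13);
    rc = read_request_line(req, uri_len + 17, line, sizeof line);
    return rc != REQ_OK ? rc : parse_get_target(line, target, sizeof target);
}
```

A request of the size reported in this advisory (about 2112 bytes) is refused at the scanning stage, and a shorter request whose target still exceeds the target buffer is refused by the second check.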

Affected Products:

  • ADA ImgSvr 0.4.0
