P2P: eMule DecodeBase16 Overflow
This signature detects attempts to exploit a known vulnerability against eMule v0.42. eMule v0.42 and earlier are vulnerable. Attackers can send excessive amounts of hex-encoded data in an IRC private message to execute arbitrary code in the user context.
Extended Description
eMule is prone to a remote buffer overflow vulnerability. This issue is due to a failure of the application to properly validate buffer boundaries during memory copy operations. Successful exploitation would immediately produce a denial of service condition in the affected process. This issue may also be leveraged to execute code on the affected system within the security context of the user running the vulnerable process.
Affected Products
Emule emule
References
BugTraq: 10039
CVE: CVE-2004-1892
URL: http://www.net-security.org/vuln.php?id=3369 http://www.securitytracker.com/alerts/2004/Apr/1009651.html
Short Name
P2P:EMULE:DECODE16-OVERFLOW
Severity
Major
Recommended
False
Recommended Action
Drop
Category
P2P
Keywords
CVE-2004-1892 DecodeBase16 Overflow bid:10039 eMule
Release Date
04/14/2004
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Emule
CVSS Score
7.5