Off-by-one error in the readBuf function in listener.cpp in libcapsinetwork and monopd before 0.9.8, allows remote attackers to cause a denial of service (crash) via a long line.
Weakness
A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Monopd | Monopd_project | * | 0.9.8 (excluding) |
| Libcapsinetwork | Ubuntu | lucid | * |
| Libcapsinetwork | Ubuntu | precise | * |
| Libcapsinetwork | Ubuntu | trusty | * |
| Libcapsinetwork | Ubuntu | upstream | * |
| Libcapsinetwork | Ubuntu | utopic | * |
| Libcapsinetwork | Ubuntu | vivid | * |
| Monopd | Ubuntu | lucid | * |
| Monopd | Ubuntu | precise | * |
| Monopd | Ubuntu | trusty | * |
| Monopd | Ubuntu | upstream | * |
| Monopd | Ubuntu | utopic | * |
| Monopd | Ubuntu | vivid | * |
| Monopd | Ubuntu | wily | * |
Potential Mitigations
References
- http://gtkatlantic.gradator.net/oldnews.html
- http://www.openwall.com/lists/oss-security/2015/03/23/20
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781043
- https://security.gentoo.org/glsa/201507-12
- http://gtkatlantic.gradator.net/oldnews.html
- http://www.openwall.com/lists/oss-security/2015/03/23/20
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781043
- https://security.gentoo.org/glsa/201507-12