CVE-2010-1147

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2010-1147
Stack-based buffer overflow in Open Direct Connect Hub (aka Open DC Hub or OpenDCHub) 0.8.1 allows remote authenticated users to execute arbitrary code via a long MyINFO message.

6.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:S/C:P/I:P/A:P

Exploitability : 6.8 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=576308
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/040360.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/040380.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/040421.html
http://marc.info/?l=oss-security&m=127051570728944&w=2
http://openwall.com/lists/oss-security/2010/04/03/1
http://secunia.com/advisories/39664
http://www.indahax.com/exploits/opendchub-0-8-1-remote-code-execution-exploit#more-600 Exploit
http://www.securityfocus.com/archive/1/510428 Exploit
http://www.securityfocus.com/bid/39129
http://www.vupen.com/english/advisories/2010/1023
http://www.vupen.com/english/advisories/2010/1044
https://bugzilla.redhat.com/show_bug.cgi?id=579206
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=576308
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/040360.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/040380.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/040421.html
http://marc.info/?l=oss-security&m=127051570728944&w=2
http://openwall.com/lists/oss-security/2010/04/03/1
http://secunia.com/advisories/39664
http://www.indahax.com/exploits/opendchub-0-8-1-remote-code-execution-exploit#more-600 Exploit
http://www.securityfocus.com/archive/1/510428 Exploit
http://www.securityfocus.com/bid/39129
http://www.vupen.com/english/advisories/2010/1023
http://www.vupen.com/english/advisories/2010/1044
https://bugzilla.redhat.com/show_bug.cgi?id=579206
Configurations

Configuration 1 (hide)

cpe:2.3:a:roshan_singh:open_direct_connect_hub:0.8.1:*:*:*:*:*:*:*
History

21 Nov 2024, 01:13

Type Values Removed Values Added
References () http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=576308 - () http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=576308 -
References () http://lists.fedoraproject.org/pipermail/package-announce/2010-April/040360.html - () http://lists.fedoraproject.org/pipermail/package-announce/2010-April/040360.html -
References () http://lists.fedoraproject.org/pipermail/package-announce/2010-April/040380.html - () http://lists.fedoraproject.org/pipermail/package-announce/2010-April/040380.html -
References () http://lists.fedoraproject.org/pipermail/package-announce/2010-April/040421.html - () http://lists.fedoraproject.org/pipermail/package-announce/2010-April/040421.html -
References () http://marc.info/?l=oss-security&m=127051570728944&w=2 - () http://marc.info/?l=oss-security&m=127051570728944&w=2 -
References () http://openwall.com/lists/oss-security/2010/04/03/1 - () http://openwall.com/lists/oss-security/2010/04/03/1 -
References () http://secunia.com/advisories/39664 - () http://secunia.com/advisories/39664 -
References () http://www.indahax.com/exploits/opendchub-0-8-1-remote-code-execution-exploit#more-600 - Exploit () http://www.indahax.com/exploits/opendchub-0-8-1-remote-code-execution-exploit#more-600 - Exploit
References () http://www.securityfocus.com/archive/1/510428 - Exploit () http://www.securityfocus.com/archive/1/510428 - Exploit
References () http://www.securityfocus.com/bid/39129 - () http://www.securityfocus.com/bid/39129 -
References () http://www.vupen.com/english/advisories/2010/1023 - () http://www.vupen.com/english/advisories/2010/1023 -
References () http://www.vupen.com/english/advisories/2010/1044 - () http://www.vupen.com/english/advisories/2010/1044 -
References () https://bugzilla.redhat.com/show_bug.cgi?id=579206 - () https://bugzilla.redhat.com/show_bug.cgi?id=579206 -
Information

Published : 2010-04-06 16:30

Updated : 2025-04-11 00:51

NVD link : CVE-2010-1147

Mitre link : CVE-2010-1147

CVE.ORG link : CVE-2010-1147

JSON object : View

Products Affected

roshan_singh

  • open_direct_connect_hub
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer