CVE-2008-3547 (vulnerable 0.3.5 - fixed 0.6.2)

Short description: Denial of service (server) via UDP request

Official CVE-2008-3547 entry at cve.mitre.org.

Related bug reports:

  • There are no related bugs.

Related commits:

Patches: (sometimes more fuzz is needed to apply them)

Buffer overflow in the server requiring remote authenticated users to set long names for companies and clients before a non-authenticated user can trigger a buffer overflow and possibly execute arbitrary code.

The buffer overflow is triggered while creating a packet that is never requested by normal clients and was only added to facilitate external applications to query the clients and companies on a server. The solution (trunk r13713) applied in 0.6.2 and later implements a new version of that protocol that is not vulnerable, however not returning anything at all would prevent this bug from being triggered while still being technically correct as the bug happens creating an UDP packet and those are not guaranteed to be delivered.

The attached patch disables this creating and thus sending the package completely.