| VID | 23103 |
| Severity | 40 |
| Port | 504 |
| Protocol | TCP |
| Class | Daemon |
| Detailed Description | According to its version number, the Citadel/UX server has a buffer overflow vulnerability involving the select() system call. Citadel/UX is open-source Bulletin Board Service (BBS) software for Unix platforms that supports message forums, email, chat, and instant messaging. Citadel/UX versions prior to 6.29 are vulnerable to a buffer overflow when performing a select() system call with very high file descriptors. Successful exploitation allows a remote attacker to execute arbitrary code on a vulnerable host with superuser privileges.
* Note: This check relies solely on the version number of the remote Citadel/UX server to assess this vulnerability, so the result may be a false positive.
* References: http://securityfocus.com/archive/1/388201, http://securityfocus.com/archive/1/388325
* Platforms Affected: Citadel Project, Citadel/UX versions prior to 6.29; Apple Computer, Inc., Mac OS 10.x; Unix, any version; Linux, any version |
| Recommendation | Upgrade to the latest version of Citadel/UX (6.29 or later), available from the Citadel Download Web site at http://uncensored.citadel.org/citadel/download.php |
| Related URL | (CVE) |
| Related URL | 12344 (SecurityFocus) |
| Related URL | (ISS) |