LCDproc Buffer Overflow Network Vulnerability

Summary

LCDproc (http://lcdproc.omnipotent.net) is a system that is used to display system information and other data on an LCD display (or any supported display device, including curses or text) The LCDproc version 4.0 and above uses a client-server protocol, allowing anyone with access to the LCDproc server to modify the displayed content. It is possible to cause the LCDproc server to crash and execute arbitrary code by sending the server a large buffer that will overflow its internal buffer. For more information see article: http://www.securiteam.com/exploits/Remote_vulnerability_in_LCDproc_0_4__shell_access_.html (NOTE: URL maybe wrapped)

Solution

Disable access to this service from outside by disabling access to TCP port 13666 (default port used)

Severity

Classification

CVE CVE-2000-0295
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

ChaSen Buffer Overflow Vulnerability (Windows)
Adobe Reader Buffer Overflow Vulnerability Sep09 (Win)
CuteFTP Heap Based Buffer Overflow Vulnerability
A-V Tronics InetServ POP3 Denial Of Service Vulnerability
Apple QuickTime Multiple Buffer Overflow Vulnerabilities (Windows)

LCDproc buffer overflow

Take action and discover your vulnerabilities