File: 2240.txt

snort 2.7.0-20.4
Rule:  

--
Sid:
2240

--
Summary:
This event is generated when an attempt is made to exploit a known 
vulnerability in PDGSoft Shopping Cart.

--
Impact:
Serious. Execution of arbitrary code is possible.

--
Detailed Information:
Certain versions of PDGSoft Shopping Cart suffer from a buffer overflow 
condition that can present an attacker with the opportunity to execute 
arbitrary code of their choosing.

The vulnerable executable files are redirect.exe and changepw.exe, which
can be accessed via the web interface.

--
Affected Systems:
	PDGSoft Shopping Cart 1.50

--
Attack Scenarios:
The attacker needs to supply an overly long string to either of the 
affected executables.
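
A log triage check for the condition described above, added here as an example; it is not part of the Snort rule or the original documentation. The access-log format, the 256-byte threshold, the function names and the sample lines are assumptions.

```python
import re
from urllib.parse import urlsplit, unquote

# Executables named in this rule documentation.
TARGETS = {"redirect.exe", "changepw.exe"}
# Assumed triage threshold (not taken from the rule): tune to local traffic.
MAX_ARG_LEN = 256

# Source address, request line and status from a common/combined log entry.
LOG_RE = re.compile(
    r'^(?P<src>\S+) .*?"(?P<method>[A-Z]+) (?P<uri>\S+)(?: HTTP/[\d.]+)?" '
    r'(?P<status>\d{3})'
)

def inspect(line, max_len=MAX_ARG_LEN):
    """Return a finding dict for requests to a target executable, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m["uri"])
    # Compare the decoded file name case-insensitively (Windows-hosted CGI).
    name = unquote(parts.path).replace("\\", "/").rsplit("/", 1)[-1].lower()
    if name not in TARGETS:
        return None
    # Raw query length as seen on the wire. POST bodies are not in access
    # logs, so this check only covers arguments passed in the URI.
    arg_len = len(parts.query)
    return {"src": m["src"], "target": name, "arg_len": arg_len,
            "status": int(m["status"]), "oversized": arg_len > max_len}

def scan(lines, max_len=MAX_ARG_LEN):
    """Return findings whose argument length exceeds the threshold."""
    findings = (inspect(line, max_len) for line in lines)
    return [f for f in findings if f and f["oversized"]]

# Constructed sample log lines (documentation address ranges, made-up paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] '
    '"GET /shop/redirect.exe?page=home HTTP/1.0" 200 512',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] '
    '"GET /shop/ChangePW.exe?id=' + "A" * 600 + ' HTTP/1.0" 500 0',
    '192.0.2.10 - - [01/Jan/2024:10:00:09 +0000] '
    '"GET /index.html HTTP/1.0" 200 1024',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```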

--
Ease of Attack:
Simple. No exploit software required.

--
False Positives:
None known.

--
False Negatives:
None known.

--
Corrective Action:
Upgrade to the latest non-affected version of the software.

--
Contributors:
Sourcefire Research Team
Brian Caswell <bmc@sourcefire.com>
Nigel Houghton <nigel.houghton@sourcefire.com>

-- 
Additional References:

Bugtraq:
http://www.securityfocus.com/bid/1256

--