NASLDB: Trillian Multiple HTTP Responses Buffer Overflow Vulnerabilities
General
ID: 17611
Name: Trillian Multiple HTTP Responses Buffer Overflow Vulnerabilities
Summary: Determines the version of Trillian.exe
Credits: Tenable Network Security
Classification
Risk: –
CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C
CVSS Temporal Vector: CVSS2#E:U/RL:U/RC:ND
Port: –
Family: Windows
Type: Local
Description
The remote host has the Trillian program installed. Trillian is a
Peer2Peer client that allows users to chat and share files with other
users across the world.
The remote version of this software is vulnerable to several buffer
overflows when processing malformed responses.
An attacker could exploit these flaws to execute arbitrary code on the
remote host. To exploit these flaws, an attacker would need to divert
several HTTP requests made by the remote host (through DNS poisoning)
to a rogue HTTP server sending malformed data.
Exploiting
Exploit Available: False
Exploitability Ease: No known exploits are available
Sources
CVE: –
OSVDB: –
Bugtraq: –
scipID: –
Timeline
Vulnerability Disclosure: –
Patch Release: –
Plugin Release: 2005/03/24
Plugin
Version: 1.11
Filename: trillian_http_response_overflow.nasl
Filesize: 2580 bytes
MD5 Hash: 82d79f6c106a4cb70790ae056daacf9e
Identification: SMB/Trillian/Version
Require Keys: SMB/Trillian/Version
Dependencies: "trillian_installed.nasl"
Copyright: This script is Copyright © 2005-2011 Tenable Network Security, Inc.