|
Vulnerability PlanetIntra Affected PlanetIntra v2.5 Description Following is based on a Security Bulletin 010125.EXP.1.12 by S.A.F.E.R. A buffer overflow exists in PlanetIntra software that allows remote execution of code. A buffer overflow (at least one, possibly more) exists in 'pi' binary which allows remote user to execute commands on the target system. For example, request like: GET /cgi-bin/pi?page=document/show_file&id=<A x 10024> will trigger the overflow. Exploit will be released in 2 weeks (this is subject to change). Solution There is a patch for this.