Vigil@nce - Tanuki Java Service Wrapper: buffer overflow via HostIds collection
May 2017 by Vigil@nce
This bulletin was written by Vigil@nce : https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can generate a buffer overflow via HostIds collection
in Tanuki Java Service Wrapper, in order to trigger a denial of
service, and possibly to run code.
Impacted products: Java Service Wrapper.
Severity: 2/4.
Creation date: 17/03/2017.
DESCRIPTION OF THE VULNERABILITY
The Tanuki Java Service Wrapper product get the network
configuration.
However, if the host have more than 10 network interfaces, a
buffer overflow occurs when reading adresses or host names.
An attacker can therefore generate a buffer overflow via HostIds
collection in Tanuki Java Service Wrapper, in order to trigger a
denial of service, and possibly to run code.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN