Name: Borland.StarTeam.Server.Buffer.Overflow
Released Date: Mar 25 2008
Severity: critical
Bugtraq: 28080


In-Depth Analysis

Description
This indicates an attempt to exploit a heap overflow vulnerability in Borland StarTeam 2008.

The vulnerability is caused by an error in the deserialization function in tmsg50.dll. It can be triggered while the server processes malformed "PROJECT_LOGIN" and "SET_SERVER_ACL" commands, and it allows remote attackers to execute arbitrary code via a crafted request.
 
Impact
System Compromise: remote attackers can gain control of vulnerable systems.
 
Affected Products
Borland StarTeam 2008 version 10.0.0.57 and prior.
Aliases
References
http://www.securityfocus.com/bid/28080
http://www.frsirt.com/english/advisories/2008/0746
http://aluigi.altervista.org/adv/starteamz-adv.txt
http://aluigi.altervista.org/adv/starteammpx-adv.txt
Recommended Actions
Currently we are not aware of any vendor-supplied patch for this issue.
