Steven Van Acker has reported a vulnerability in Pound, which potentially can be exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused due to a boundary error in the "add_port()" function and can be exploited to cause a buffer overflow by supplying an overly long hostname.
Successful exploitation may allow execution of arbitrary code.
The vulnerability has been reported in version 1.8.2. Prior versions may also be affected.
Update to version 1.8.3.
Provided and/or discovered by:
Steven Van Acker
Existing Keywords: pound-1.7: ppc ~hppa x86 ~mips ~sparc alpha
web-apps herd, please bump to 0.8.3
In cvs, x86 stable. CC'd archs please mark stable.
Stable on ppc.
Stable on alpha.
Thanks Jean-François for the draft :)