CERT Coordination Center

SETI@home client vulnerable to buffer overflow

Vulnerability Note VU#146785

Original Release Date: 2003-04-07 | Last Revised: 2003-04-09

Overview

A buffer overflow vulnerability in the SETI@home client could allow a remote attacker to execute arbitrary code or cause the SETI@home client to fail. An exploit for this vulnerability is known to exist and may be circulating.

Description

From the SETI@home website:

"SETI@home is a scientific experiment that uses Internet-connected computers in the Search for Extraterrestrial Intelligence (SETI). You can participate by running a free program that downloads and analyzes radio telescope data."

A remotely exploitable buffer overflow in the SETI@home client may allow a remote attacker to execute arbitrary code with the privileges of the victim running SETI@home, or cause the SETI@home client to fail. For more details, please see the advisory written by Berend-Jan Wever.

Impact

A remote attacker may be able to execute arbitrary code with the privileges of the victim running SETI@home, or cause the SETI@home client to fail.

Solution

SETI@home has provided an updated client that resolves this vulnerability.

Acknowledgements

This vulnerability was discovered by Berend-Jan Wever.

This document was written by Ian A Finlay.

Other Information

CVE IDs: None
Severity Metric: 14.06
Date Public: 2003-04-06
Date First Published: 2003-04-07
Date Last Updated: 2003-04-09 13:00 UTC
Document Revision: 9

Sponsored by CISA.