Overview
Winny contains a buffer overflow. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
Description
Winny (also referred to as WinNY) is a popular Japanese peer-to-peer file sharing application. A flaw exists in this program due to an unbounded strcpy() of remotely-supplied user input during the handling of certain commands provided by the file transfer feature. This flaw results in a heap-based buffer overflow vulnerability due to the lack of validation on the size of user input. A remote attacker may be able to exploit this vulnerability by sending a specially crafted message to a vulnerable Winny installation.
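The flawed pattern described above, next to a length-validated form, as an added example that is not Winny's code. The function names, `ARG_SIZE` and the sample inputs are hypothetical, since this note does not describe Winny's actual command format or buffer sizes.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define ARG_SIZE 64 /* assumed size of the heap destination buffer */

/* Flawed pattern from the description: strcpy() copies until the first
 * NUL in peer-supplied data and never consults the destination size. */
char *store_arg_unbounded(const char *peer_data)
{
    char *arg = malloc(ARG_SIZE);
    if (arg != NULL)
        strcpy(arg, peer_data); /* overruns the heap chunk when input >= ARG_SIZE */
    return arg;
}

/* Hardened form: measure the input inside the bytes actually received
 * (network data need not be NUL-terminated) and reject what does not fit. */
char *store_arg_bounded(const char *peer_data, size_t received)
{
    const char *nul = memchr(peer_data, '\0', received);
    size_t len = nul ? (size_t)(nul - peer_data) : received;
    if (len >= ARG_SIZE) return NULL; /* caller drops the message */
    char *arg = malloc(ARG_SIZE);
    if (arg == NULL) return NULL;
    memcpy(arg, peer_data, len);
    arg[len] = '\0';
    return arg;
}

/* Constructed input: n bytes of 'A' with no terminator.
 * Returns 1 if the bounded handler accepted it, 0 if it was rejected. */
int accepts(size_t n)
{
    char *msg = malloc(n + 1);
    if (msg == NULL) return 0;
    memset(msg, 'A', n);
    char *arg = store_arg_bounded(msg, n);
    int ok = (arg != NULL && strlen(arg) == n);
    free(arg); free(msg);
    return ok;
}

int main(void)
{
    size_t sizes[] = { 0, 63, 64, 4096 };
    for (size_t i = 0; i < 4; i++)
        printf("%4zu bytes: %s\n", sizes[i], accepts(sizes[i]) ? "accepted" : "rejected");
    return 0;
}
```

Rejecting oversized input outright, rather than truncating it, keeps a malformed message from being processed in a partially copied state.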
Impact
A remote unauthenticated attacker may be able to execute arbitrary code on a system running the vulnerable software. The attacker-supplied code would be executed in the context of the user running Winny.
Solution
The CERT/CC is currently unaware of a practical solution to this problem.
Workarounds
Discontinue use of the product.
Vendor Information
CVSS Metrics
Group | Score | Vector |
---|---|---|
Base | 0 | AV:--/AC:--/Au:--/C:--/I:--/A:-- |
Temporal | 0 | E:ND/RL:ND/RC:ND |
Environmental | 0 | CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND |
References
Acknowledgements
Thanks to JPCERT/CC for reporting this vulnerability. Discovery and research of this vulnerability was performed by eEye Digital Security.
This document was written by Chad R Dougherty.
Other Information
CVE IDs: CVE-2006-2007
Severity Metric: 3.42
Date Public: 2006-04-21
Date First Published: 2006-04-28
Date Last Updated: 2006-05-31 13:17 UTC
Document Revision: 30