1. Gentoo Linux Security Advisory
| Advisory Reference | GLSA 200411-37 / opendchub |
| Release Date | November 28, 2004 |
| Latest Revision | May 22, 2006: 02 |
| Impact | high |
| Exploitable | remote |
| Package | Vulnerable versions | Unaffected versions | Architecture(s) |
| net-p2p/opendchub | < 0.7.14-r2 | >= 0.7.14-r2 | All supported architectures |
Related bugreports: #72371
Open DC Hub contains a buffer overflow that can be exploited to allow remote code execution.
Open DC Hub is the hub software for the Direct Connect file sharing network.
Donato Ferrante discovered a buffer overflow vulnerability in the RedirectAll command of the Open DC Hub.
Upon exploitation, a remote user with administrative privileges can execute arbitrary code on the system running the Open DC Hub.
Only give administrative rights to trusted users.
All Open DC Hub users should upgrade to the latest version:
Code Listing 3.1: Resolution |
# emerge --sync # emerge --ask --oneshot --verbose ">=net-p2p/opendchub-0.7.14-r2" |