FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2011-4620

This CVE name corresponds to:

Entered     Topic
2013-05-19  plib -- buffer overflow
2012-02-19  plib -- remote code execution via buffer overflow

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type:   Candidate
Name:   CVE-2011-4620
Phase:  Assigned (20111129)

Description

Buffer overflow in the ulSetError function in util/ulError.cxx in PLIB 1.8.5, as used in TORCS 1.3.1 and other products, allows user-assisted remote attackers to execute arbitrary code via vectors involving a long error message, as demonstrated by a crafted acc file for TORCS. NOTE: some of these details are obtained from third party information.

References

Source      Reference
EXPLOIT-DB  18258
MLIST       [oss-security] 20111221 plib ulSetError() buffer overflow - CVE-2011-4620
GENTOO      GLSA-201606-16
SUSE        openSUSE-SU-2012:1506
SUSE        openSUSE-SU-2013:0146
OSVDB       77973
SECUNIA     47297
SECUNIA     51340