KiTTY versions 0.76.1.13 and before is vulnerable to a stack-based buffer overflow via the username, occurs due to insufficient bounds checking and input sanitization (at line 2600). This allows an attacker to overwrite adjacent memory, which leads to arbitrary code execution.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/177031/KiTTY-0.76.1.13-Command-Injection.html | |
http://packetstormsecurity.com/files/177032/KiTTY-0.76.1.13-Buffer-Overflows.html | Third Party Advisory VDB Entry |
http://seclists.org/fulldisclosure/2024/Feb/13 | Exploit Mailing List |
http://seclists.org/fulldisclosure/2024/Feb/14 | Exploit Mailing List |
https://blog.defcesco.io/CVE-2024-25003-CVE-2024-25004 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2024-02-09T00:00:00
Updated: 2024-02-14T20:05:55.773782
Reserved: 2024-02-02T00:00:00
Link: CVE-2024-25004
JSON object: View
NVD Information
Status : Modified
Published: 2024-02-09T07:16:00.930
Modified: 2024-02-14T20:15:45.980
Link: CVE-2024-25004
JSON object: View
Redhat Information
No data.
CWE