Vulnerability Note VU#146785
SETI@home client vulnerable to buffer overflow
A buffer overflow vulnerability in the SETI@home client could allow a remote attacker to execute arbitrary code or cause the SETI@home client to fail. An exploit for this vulnerability is known to exist and may be circulating.
From the SETI@home website:
SETI@home is a scientific experiment that uses Internet-connected computers in the Search for Extraterrestrial Intelligence (SETI). You can participate by running a free program that downloads and analyzes radio telescope data.
A remote attacker may be able to execute arbitrary code with the privileges of the victim running SETI@home, or cause the SETI@home client to fail.
SETI@home has provided an updated client that resolves this vulnerability.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|FreeBSD||Affected||-||08 Apr 2003|
|Gentoo Linux||Affected||-||09 Apr 2003|
|SETI@home||Affected||-||07 Apr 2003|
CVSS Metrics (Learn More)
This vulnerability was discovered by Berend-Jan Wever.
This document was written by Ian A Finlay.
- CVE IDs: Unknown
- Date Public: 06 Apr 2003
- Date First Published: 07 Apr 2003
- Date Last Updated: 09 Apr 2003
- Severity Metric: 14.06
- Document Revision: 8
If you have feedback, comments, or additional information about this vulnerability, please send us email.