Buffer overflow in setiathome for SETI@home 3.03, if installed setuid, could allow local users to execute arbitrary code via long command line options (1) socks_server, (2) socks_user, and (3) socks_passwd. NOTE: since the default configuration of setiathome is not setuid, perhaps this issue should not be included in CVE.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| university_of_california | seti_at_home | 3.03 |
Buffer overflow in the SETI@home client 3.03 and other versions allows remote attackers to cause a denial of service (client crash) and execute arbitrary code via a spoofed server response containing a long string followed by a \n (newline) character.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| university_of_california | seti_at_home | 3.3 |
| university_of_california | seti_at_home | 3.4 |
| university_of_california | seti_at_home | 3.7 |
| university_of_california | seti_at_home | 3.6 |
| university_of_california | seti_at_home | 3.5 |