FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

corkscrew -- buffer overflow vulnerability

Affected packages
corkscrew <= 2.0


VuXML ID 67a1c3ae-ad69-11df-9be6-0015587e2cc1
Discovery 2010-08-21
Entry 2010-08-21

The affected corkscrew versions use sscanf calls without proper bounds checking. In the authentication file parsing routine this can cause an exploitable buffer overflow condition. A similar but issue exists in the server response code but appears to be non-exploitable.