Vulnerability identifier: #VU35043
Vulnerability risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2014-6310
CWE-ID: CWE-120
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
Chicken Scheme (Universal components / Libraries / Software for developers)
Debian Linux (Operating systems & Components / Operating system)
Vendor: call-cc.org, Debian
Description
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Buffer overflow in CHICKEN 4.9.0 and 4.9.0.1 may allow remote attackers to execute arbitrary code via the 'select' function.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Chicken Scheme: 4.9.0 - 4.9.0.1
Debian Linux: 4.9.0 - 9.0
External links
http://www.openwall.com/lists/oss-security/2014/09/11/6
http://www.securityfocus.com/bid/69727
http://lists.nongnu.org/archive/html/chicken-users/2014-08/msg00055.html
http://security-tracker.debian.org/tracker/CVE-2014-6310
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.