Echoping: Buffer Overflow Vulnerabilities

Echoping: Buffer Overflow Vulnerabilities A buffer overflow in Echoping might allow remote attackers to cause a Denial of Service condition. echoping 2014-06-06 2014-06-06 349569 remote 6.0.2_p434 6.0.2_p434

Echoping is a small program to test performances of a remote host by sending it TCP packets.

A boundary error exists within the “TLS_readline()” function, which can be exploited to overflow a global buffer by sending an overly long encrypted HTTP reply to Echoping. Also, a similar boundary error exists within the “SSL_readline()” function, which can be exploited in the same manner.

A remote attacker could send a specially crafted HTTP reply, possibly resulting in a Denial of Service condition.

There is no known workaround at this time.

All Echoping users should upgrade to the latest version:


      # emerge --sync
      # emerge --ask --oneshot --verbose
      ">=net-analyzer/echoping-6.0.2_p434"

CVE-2010-5111 pinkbyte pinkbyte