Summary
LCDproc (http://lcdproc.omnipotent.net) is a
system that is used to display system information and other data on an LCD display (or any supported display device, including curses or text)
The LCDproc version 4.0 and above uses a client-server protocol, allowing anyone with access to the LCDproc server to modify the displayed content.
It is possible to cause the LCDproc server to crash and execute arbitrary code by sending the server a large buffer that will overflow its internal buffer.
For more information see article:
http://www.securiteam.com/exploits/Remote_vulnerability_in_LCDproc_0_4__shell_access_.html (NOTE: URL maybe wrapped)
Solution
Disable access to this service from outside by disabling access to TCP port 13666 (default port used)
Severity
Classification
-
CVE CVE-2000-0295 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities