Steven Van Acker has reported a vulnerability in Pound, which potentially can be exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused due to a boundary error in the "add_port()" function and can be exploited to cause a buffer overflow by supplying an overly long hostname.
Successful exploitation may allow execution of arbitrary code.
The vulnerability has been reported in version 1.8.2. Prior versions may also be affected.
SOFTWARE:
Pound 1.x
SOLUTION:
Update to version 1.8.3.
http://www.apsis.ch/pound/
PROVIDED AND/OR DISCOVERED BY:
Steven Van Acker
ORIGINAL ADVISORY:
http://www.apsis.ch/pound/pound_list/archive/2005/2005-04/1114516112000
VERIFY ADVISORY:
http://secunia.com/advisories/15142/
Secunia Security Advisories
http://community.securityteam.us/article.php/20050505090927827