Short Name |
APP:XDMCP:DTLOGIN-DBL-FREE |
---|---|
Severity |
Minor |
Recommended |
No |
Category |
APP |
Keywords |
dtlogin Double Free Exploit |
Release Date |
2004/03/31 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects XDMCP request packets with an invalid type set, which can indicate an unknown protocol extension or an exploit attempt. Attackers can send an XDMCP request packet that contains an invalid type to crash dtlogin and generate double-free vulnerability.
It has been reported that a double free vulnerability exists in the dtlogin process of CDE. This issue presents itself due to the free() function being called on the same allocated chunk of memory more than once. This problem occurs prior to any authorization. Successful exploitation of this issue could lead to the corruption of an arbitrary location in memory, ultimately allowing for the attacker to control the execution flow of the affected process.