Open DC Hub: Remote code execution — GLSA 200411-37

Open DC Hub contains a buffer overflow that can be exploited to allow remote code execution.

Affected packages

Package 	net-p2p/opendchub on all architectures
Affected versions 	< 0.7.14-r2
Unaffected versions 	>= 0.7.14-r2

Background

Open DC Hub is the hub software for the Direct Connect file sharing network.

Description

Donato Ferrante discovered a buffer overflow vulnerability in the RedirectAll command of the Open DC Hub.

Impact

Upon exploitation, a remote user with administrative privileges can execute arbitrary code on the system running the Open DC Hub.

Workaround

Only give administrative rights to trusted users.

Resolution

All Open DC Hub users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-p2p/opendchub-0.7.14-r2"

References

    Full-Disclosure Advisory
    CVE-2004-1127