Preemptive Protection against Free Download Manager Remote Control Server
| Check Point Reference: | CPAI-2009-051 |
| Date Published: | |
| Severity: | |
| Source: | Secunia Research |
| Industry Reference(s): | CVE-2009-0183, CVE-2008-2234 |
| Protection Provided by: | IPS-1 |

Who is Vulnerable?
Free Download Manager 2.5 Build 758
Free Download Manager 3.0 Build 844

Vulnerability Description
A buffer overflow vulnerability was reported in Free Download Manager, a free download accelerator and manager. The vulnerability is caused by a boundary error in the Remote Control Server when processing "Authorization" headers in HTTP requests. It can be triggered by an HTTP request containing an overly long "Authorization" header. Successful exploitation allows execution of arbitrary code.

Update/Patch Available
Upgrade to Free Download Manager version 3.0 build 848: http://www.freedownloadmanager.org/download.htm

Vulnerability Details
The vulnerability is caused by a boundary error in the Remote Control Server when processing "Authorization" headers in HTTP requests. A crafted HTTP request can cause a stack-based buffer overflow that may result in arbitrary code execution.

Protection Overview
Users of IPS-1 are preemptively protected against this vulnerability if they have activated the protection against Openwsman Authentication Buffer Overflow released in November 2008 (CPAI-2008-235). IPS-1 detects and blocks HTTP requests with long Authorization headers.
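
The length check described above, as an added example (not Check Point's IPS-1 logic and not code from this advisory): it parses a raw HTTP request and flags Authorization headers longer than a limit. The 512-byte limit, the function names and the sample requests are assumptions constructed for illustration.

```python
# Added example: flag HTTP requests whose Authorization header is unusually long.
# MAX_AUTH_LEN is an assumed threshold; the advisory does not state one.
MAX_AUTH_LEN = 512  # assumption: tune to the longest legitimate credential in use


def parse_headers(raw: bytes):
    """Return (lowercased name, value) pairs from a raw HTTP request head.

    Accepts CRLF or bare LF line endings and joins obsolete folded lines
    (continuations starting with SP/HTAB), so a long value split across
    lines is measured as a whole.
    """
    head = raw.replace(b"\r\n", b"\n").split(b"\n\n", 1)[0]
    headers = []
    for line in head.split(b"\n")[1:]:  # skip the request line
        if line[:1] in (b" ", b"\t") and headers:
            name, value = headers[-1]
            headers[-1] = (name, value + b" " + line.strip())
        elif b":" in line:
            name, value = line.split(b":", 1)
            headers.append((name.strip().lower(), value.strip()))
    return headers


def oversized_auth(raw: bytes, limit: int = MAX_AUTH_LEN):
    """Return the lengths of all Authorization values that exceed the limit."""
    return [len(v) for n, v in parse_headers(raw)
            if n == b"authorization" and len(v) > limit]


# Constructed sample requests (not captured traffic).
NORMAL = (b"GET / HTTP/1.1\r\nHost: 192.0.2.10\r\n"
          b"Authorization: Basic dXNlcjpwYXNz\r\n\r\n")
# Header names are case-insensitive, so the match must be too.
LONG = (b"GET / HTTP/1.1\r\nHost: 192.0.2.10\r\n"
        b"aUtHoRiZaTiOn: Basic " + b"A" * 2000 + b"\r\n\r\n")
# A value folded over two lines must still be counted as one header.
FOLDED = (b"GET / HTTP/1.1\r\nHost: 192.0.2.10\r\n"
          b"Authorization: Basic " + b"A" * 300 + b"\r\n\t" + b"A" * 300
          + b"\r\n\r\n")

if __name__ == "__main__":
    for label, req in (("normal", NORMAL), ("long", LONG), ("folded", FOLDED)):
        hits = oversized_auth(req)
        print(label, "BLOCK" if hits else "allow", hits)
```
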
To configure the defense, select your product from the list below and follow the related protection steps.