Borland StarTeam Multicast Service parse_request buffer overflow

Added: 04/25/2008
CVE: CVE-2008-0311
BID: 28602
OSVDB: 44039

Background

Borland StarTeam is a software change and configuration management system.

Problem

A buffer overflow vulnerability in the PGMWebHandler::parse_request function in the StarTeam Multicast Service allows remote attackers to execute arbitrary commands by sending a large HTTP request.

Resolution

Disable the Multicast Service monitoring port.

References

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=675

Limitations

Exploit works on Borland StarTeam 2005.

Platforms

Windows 2000
Windows Server 2003

Back to exploit index