Buffer Overflow in IBM OmniFind Enterprise Edition Administration Interface
CVE-2010-3894
Currently unrated
Summary
A stack-based buffer overflow exists in the Java_com_ibm_es_oss_CryptionNative_ESEncrypt function within the administration interface of IBM OmniFind Enterprise Edition. The flaw is in the library 'libffq.cryptionjni.so' and can allow remote attackers to execute arbitrary code. It is triggered by sending a specially crafted long password to the login form, which highlights the importance of robust input validation. Organizations using affected versions should apply updates promptly to mitigate the risks associated with this vulnerability.
References
EPSS Score
16% chance of being exploited in the next 30 days.
Timeline
Vulnerability published
Vulnerability Reserved