IDA Pro debugger unauthorized access - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

IDA Pro debugger unauthorized access
Published: 24.03.2007
Source: BUGTRAQ
SecurityVulns ID: 7461
Type: remote
Level: 5/10
Description: Remote debugging request is executed regrdless of authentication state.

Affected: DATARESCUE : IDA Pro 5.1
CVE: CVE-2007-1666 (The processor_request function in the debugger server for DataRescue IDA Pro 5.0 and 5.1 does not verify that authentication has taken place before invoking the perform_request function, which allows remote attackers to perform unauthorized actions.)

Original document IDEFENSE, iDefense Security Advisory 03.23.07: DataRescue IDA Pro Remote Debugger Server Authentication Bypass Vulnerability (24.03.2007)

Discuss: Read or add your comments to this news (0 comments)