Published: 05/08/2010 Updated: 05/08/2010
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

BarnOwl prior to 1.6.2 does not check the return code of calls to the (1) ZPending and (2) ZReceiveNotice functions in libzephyr, which allows remote malicious users to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors.

Vulnerable Product

barnowl barnowl 1.0.0

barnowl barnowl 1.0.1

barnowl barnowl 1.0.2

barnowl barnowl

barnowl barnowl 1.0.3

barnowl barnowl 1.0.4

barnowl barnowl

barnowl barnowl 1.0.5

barnowl barnowl 1.1

barnowl barnowl 1.1.1

barnowl barnowl 1.2

barnowl barnowl 1.2.1

barnowl barnowl 1.3

barnowl barnowl 1.4

barnowl barnowl 1.5

barnowl barnowl 1.5.1

barnowl barnowl 1.6

barnowl barnowl

Vendor Advisories

Debian Bug report logs - #593299 barnowl: CVE-2010-2725
Package: barnowl; Maintainer for barnowl is Sam Hartman <hartmans@debian.org>; Source for barnowl is src:barnowl
Reported by: Michael Gilbert <michaelsgilbert@gmail.com>
Date: Tue, 17 Aug 2010 01:33:02 UTC
Severity: serious
Tags: securit ...

It has been discovered that in barnowl, a curses-based instant-messaging client, the return codes of calls to the ZPending and ZReceiveNotice functions in libzephyr were not checked, allowing attackers to cause a denial of service (crash of the application), and possibly execute arbitrary code. For the stable distribution (lenny), this problem has ...