LCDproc buffer overflow

Information

Severity: Critical

Family: Buffer overflow

CVSSv2 Base: 10.0

CVSSv2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Solution Type: Mitigation

Created: 16 years ago

Modified: 4 years ago

Summary

LCDproc is a system used to display system information and other data on an LCD display (or any supported display device, including curses or text). LCDproc version 4.0 and above uses a client-server protocol, allowing anyone with access to the LCDproc server to modify the displayed content. It is possible to crash the LCDproc server and execute arbitrary code by sending it a large buffer that overflows its internal buffer.

Solution

Disable access to this service from outside by blocking access to TCP port 13666 (the default port).

Common Vulnerabilities and Exposures (CVE)