A vulnerability, which was classified as critical, was found in ja-xklock 2.7.1. This affects some unknown functionality. The manipulation with an unknown input leads to a memory corruption vulnerability. CWE is classifying the issue as CWE-119. The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. This is going to have an impact on confidentiality, integrity, and availability. The summary by CVE is:

Buffer overflow in ja-xklock 2.7.1 and earlier allows local users to gain root privileges.

The weakness was published 02/07/2001 (Website). The advisory is shared at archives.neohapsis.com. This vulnerability is uniquely identified as CVE-2001-0221. The exploitability is told to be easy. An attack has to be approached locally. No form of authentication is needed for exploitation. Technical details are unknown but a public exploit is available.

A public exploit has been developed by dethy and been published 4 weeks after the advisory. The exploit is shared for download at exploit-db.com. It is declared as proof-of-concept.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

The vulnerability is also documented in the databases at X-Force (6073), Exploit-DB (286), SecurityFocus (BID 2379†) and OSVDB (6990†). Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Productinfo

Name

• ja-xklock

Version

• 2.7.1

CPE 2.3info

• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion