A vulnerability, which was classified as problematic, has been found in Avaya libsafe. This issue affects the function _libsafe_die in the library libsafe_die. The manipulation with an unknown input leads to a remote code execution vulnerability. Impacted is confidentiality, integrity, and availability. The summary by CVE is:

Race condition in libsafe 2.0.16 and earlier, when running in multi-threaded applications, allows attackers to bypass libsafe protection and exploit other vulnerabilities before the _libsafe_die function call is completed.

The weakness was shared 05/02/2005 (Website). The advisory is shared at securityfocus.com. The identification of this vulnerability is CVE-2005-1125 since 04/16/2005. The exploitation is known to be difficult. The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. Technical details as well as a public exploit are known.

The exploit is available at exploit-db.com. It is declared as proof-of-concept.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

The vulnerability is also documented in the databases at Exploit-DB (25429) and SecurityFocus (BID 13190†). If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Productinfo

Vendor

• Avaya

Name

• libsafe

Version

• 2.0.1
• 2.0.2
• 2.0.3
• 2.0.4
• 2.0.5
• 2.0.6
• 2.0.7
• 2.0.8
• 2.0.9
• 2.0.10
• 2.0.11
• 2.0.12
• 2.0.13
• 2.0.14
• 2.0.15
• 2.0.16

License

• commercial

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion