Open DC Hub: Arbitrary code execution A vulnerability in Open DC Hub could result in execution of arbitrary code. opendchub 2013-11-20 2013-11-20 314551 remote 0.8.2 0.8.2

Open DC Hub is the hub software for the Direct Connect file sharing network.

A stack-based buffer overflow flaw has been discovered in the way Open DC Hub sanitized content of a user’s MyINFO message.

A remote authenticated user may be able to execute arbitrary code or cause a Denial of Service condition via specially crafted MyINFO message.

There is no known workaround at this time.

All Open DC Hub users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=net-p2p/opendchub-0.8.2" CVE-2010-1147 underling Zlogene