📄 Description (English)
Arm Whois 3.11 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized input string. Attackers can paste a malicious buffer of 700 bytes into the IP address or domain input field to trigger a denial of service condition.
🤖 AI Executive Summary
CVE-2018-25423 is a buffer overflow vulnerability in Arm Whois 3.11 that allows local attackers to cause denial of service by supplying oversized input strings (700+ bytes) to IP address or domain fields. While no public exploit exists and no patch is available, the vulnerability poses a risk to organizations using this legacy tool for network reconnaissance and domain management. The medium CVSS score (6.2) reflects local attack requirements but the lack of patch availability increases operational risk.
📄 Description (Arabic)
🤖 AI Intelligence Analysis Analyzed: May 30, 2026 20:19
🇸🇦 Saudi Arabia Impact Assessment
Saudi organizations using Arm Whois 3.11 for network administration and domain management face denial of service risks, particularly in: (1) Banking sector (SAMA-regulated institutions) relying on legacy network tools for infrastructure management; (2) Government agencies (NCA, CITC) using whois utilities for network reconnaissance; (3) Telecom operators (STC, Mobily) managing IP address allocations; (4) Energy sector (ARAMCO, SEC) for network infrastructure monitoring. The impact is primarily operational disruption rather than data breach, but affects critical network management functions.
🏢 Affected Saudi Sectors
Banking and Financial Services
Government and Public Administration
Telecommunications
Energy and Utilities
Healthcare
Education
🎯 MITRE ATT&CK Techniques
⚖️ Saudi Risk Score (AI)
4.2
/ 10.0
🔧 Remediation Steps (English)
Immediate Actions:
1. Identify all systems running Arm Whois 3.11 and document inventory
2. Restrict local access to whois application through file permissions and access controls
3. Implement input validation at application wrapper level to reject inputs exceeding 256 bytes
4. Monitor process crashes and whois application errors in system logs
Compensating Controls:
5. Deploy application whitelisting to restrict whois execution to authorized users only
6. Use network segmentation to limit local access to systems running whois
7. Implement application-level input filtering using wrapper scripts
8. Consider migrating to alternative whois implementations (e.g., jwhois, whois from GNU)
Detection Rules:
9. Alert on whois process crashes or segmentation faults in syslog
10. Monitor for command-line arguments exceeding 700 bytes to whois binary
11. Track failed whois operations with oversized input strings
12. Implement IDS signatures for buffer overflow patterns in local process execution
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:
1. تحديد جميع الأنظمة التي تقوم بتشغيل Arm Whois 3.11 وتوثيق المخزون
2. تقييد الوصول المحلي لتطبيق whois من خلال أذونات الملفات والتحكم في الوصول
3. تنفيذ التحقق من صحة الإدخال على مستوى غلاف التطبيق لرفض المدخلات التي تتجاوز 256 بايت
4. مراقبة أعطال العمليات وأخطاء تطبيق whois في سجلات النظام
الضوابط البديلة:
5. نشر القائمة البيضاء للتطبيقات لتقييد تنفيذ whois للمستخدمين المصرح لهم فقط
6. استخدام تقسيم الشبكة لتحديد الوصول المحلي للأنظمة التي تقوم بتشغيل whois
7. تنفيذ تصفية الإدخال على مستوى التطبيق باستخدام نصوص الغلاف
8. النظر في الترحيل إلى تطبيقات whois بديلة (مثل jwhois أو whois من GNU)
قواعد الكشف:
9. تنبيه عند أعطال عملية whois أو أخطاء التجزئة في syslog
10. مراقبة وسائط سطر الأوامر التي تتجاوز 700 بايت لثنائي whois
11. تتبع عمليات whois الفاشلة مع سلاسل إدخال كبيرة الحجم
12. تنفيذ توقيعات IDS لأنماط تجاوز المخزن المؤقت في تنفيذ العملية المحلية
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
ECC 2024 A.5.1.1 - Information Security Policies (application security requirements)
ECC 2024 A.12.6.1 - Management of technical vulnerabilities (patch management)
ECC 2024 A.14.2.1 - Secure development policy (secure coding practices)
🔵 SAMA CSF
SAMA CSF ID.BE-1 - Business Environment (asset management)
SAMA CSF PR.IP-12 - Information and Communications (vulnerability management)
SAMA CSF DE.CM-8 - Detection and Analysis (monitoring and detection)
🟡 ISO 27001:2022
ISO 27001:2022 A.12.6.1 - Management of technical vulnerabilities
ISO 27001:2022 A.14.2.1 - Secure development and change management
ISO 27001:2022 A.8.1.1 - Screening (secure software selection)
🔗 References & Sources 4
🔗
🔗
🔗
🔗
http://www.armcode.com/
disclosure@vulncheck.com
http://www.armcode.com/downloads/arm-whois.exe
disclosure@vulncheck.com
https://www.exploit-db.com/exploits/45762
disclosure@vulncheck.com
https://www.vulncheck.com/advisories/arm-whois-denial-of-service-via-buffer-overflow
disclosure@vulncheck.com