lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <006701cc0487$e0248e90$a06dabb0$@com>
Date: Wed, 27 Apr 2011 15:04:45 +1200
From: "advisories" <advisories@...omniasec.com>
To: <full-disclosure@...ts.grok.org.uk>
Subject: Insomnia : ISVA-110427.1 - IGSS ODBC Service
	Remote Overflow Vulnerability

___________________________________________________________________

 Insomnia Security Vulnerability Advisory: ISVA-110427.1
___________________________________________________________________

 Name: IGSS ODBC Service Remote Overflow Vulnerability
 Released: 27 April 2011
  
 Vendor Link: 
    http://www.igss.com
  
 Affected Products:
    IGSS (Interactive Graphical SCADA System) v9
     
 Original Advisory: 
    http://www.insomniasec.com/advisories/ISVA-110427.1.htm
 
 Researcher: 
    James Burton, Insomnia Security
    http://www.insomniasec.com
___________________________________________________________________

_______________

 Description
_______________

IGSS (Interactive Graphical SCADA System) is a complete automation
software - a SCADA system for process control and supervision. It
was developed by 7-Technologies and is the first world's first
object orientated, mouse operated SCADA system.

A remote stack overflow vulnerability exists in the IGSS ODBC service.

No authentication is required to exploit this vulnerability.

_______________

 Details
_______________
 
The ODBC service component of IGSS listens on port 20222/tcp by default. 

The application layer protocol runs over TCP and reads an initial packet
that specifies the amount of data to follow. A second read then takes
place and the data is copied into a variable length buffer. Next the data
is parsed and during this process a buffer overflow occurs on the stack.

At minimum this vulnerability leads to denial of service though remote code
execution may be possible.

_______________

 Solution
_______________

Download the latest version using the IGSS Update application
found under the Information and Support menu of IGSS Master.
Alternatively email support (at) igss.com for more information.

_______________

 Legals
_______________

The information is provided for research and educational purposes
only. Insomnia Security accepts no liability in any form whatsoever
for any direct or indirect damages associated with the use of this
information.

___________________________________________________________________
 
 Insomnia Security Vulnerability Advisory: ISVA-110427.1
___________________________________________________________________

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ