Message-ID: <CAAJh+d5zqA72j7VmQ1XaC5ia8oUWONFsSu2fONqi9DaLEGLgJg@mail.gmail.com>
Date: Wed, 12 Oct 2011 19:28:58 +0300
From: Henri Lindberg <henri+fulldisclosure@...nse.fi>
To: full-disclosure@...ts.grok.org.uk
Subject: nSense-2011-005: Scadatec Procyon core server

nSense Vulnerability Research Security Advisory NSENSE-2011-005
---------------------------------------------------------------

Affected Vendor:    Scadatec
Affected Product:   Procyon core server <=1.06
Platform:           Windows
Impact:             Remote code execution
Vendor response:    New version released
CVE:                None
Credit:             Knud / nSense

Technical details
---------------------------------------------------------------

The coreservice.exe process contains a remotely exploitable
memory corruption flaw which allows for remote code execution.
The affected component is coreservice.exe, which listens on
port 23, running as SYSTEM. Sending a long string will trigger
the overflow.

Timeline:
20110412    Contacted ICS-CERT
20110527    Vendor communicates with ICS-CERT, working on fix
20110720    Independently rediscovered by Steven Seeley/Stratsec
20110708    ICS-CERT provides link to fixed version
20110708    nSense validates fix is working as intended
20110804    ICS-CERT releases advisory to US-CERT portal
20110907    ICS-CERT releases public advisory

Solution
Contact the vendor for an updated version:
http://www.scadatec.co.uk/

Links:
http://www.nsense.fi
http://www.nsense.dk

Driven by the challenge