Home / vulnerabilitiesPDF  

Insomnia Security Vulnerability Advisory 110427.1

Posted on 28 April 2011
Source : packetstormsecurity.org Link

 

___________________________________________________________________

Insomnia Security Vulnerability Advisory: ISVA-110427.1
___________________________________________________________________

Name: IGSS ODBC Service Remote Overflow Vulnerability
Released: 27 April 2011

Vendor Link:
http://www.igss.com

Affected Products:
IGSS (Interactive Graphical SCADA System) v9

Original Advisory:
http://www.insomniasec.com/advisories/ISVA-110427.1.htm

Researcher:
James Burton, Insomnia Security
http://www.insomniasec.com
___________________________________________________________________

_______________

Description
_______________

IGSS (Interactive Graphical SCADA System) is a complete automation
software - a SCADA system for process control and supervision. It
was developed by 7-Technologies and is the first world's first
object orientated, mouse operated SCADA system.

A remote stack overflow vulnerability exists in the IGSS ODBC service.

No authentication is required to exploit this vulnerability.

_______________

Details
_______________

The ODBC service component of IGSS listens on port 20222/tcp by default.

The application layer protocol runs over TCP and reads an initial packet
that specifies the amount of data to follow. A second read then takes
place and the data is copied into a variable length buffer. Next the data
is parsed and during this process a buffer overflow occurs on the stack.

At minimum this vulnerability leads to denial of service though remote code
execution may be possible.

_______________

Solution
_______________

Download the latest version using the IGSS Update application
found under the Information and Support menu of IGSS Master.
Alternatively email support (at) igss.com for more information.

_______________

Legals
_______________

The information is provided for research and educational purposes
only. Insomnia Security accepts no liability in any form whatsoever
for any direct or indirect damages associated with the use of this
information.

___________________________________________________________________

Insomnia Security Vulnerability Advisory: ISVA-110427.1
___________________________________________________________________

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

 

TOP

Malware :

Exploits :