[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Insomnia : ISVA-110427.1 - IGSS ODBC Service Remote Overflow Vulnerability

To: <full-disclosure@xxxxxxxxxxxxxxxxx>
Subject: [Full-disclosure] Insomnia : ISVA-110427.1 - IGSS ODBC Service Remote Overflow Vulnerability
From: "advisories" <advisories@xxxxxxxxxxxxxxx>
Date: Wed, 27 Apr 2011 15:04:45 +1200

___________________________________________________________________

 Insomnia Security Vulnerability Advisory: ISVA-110427.1
___________________________________________________________________

 Name: IGSS ODBC Service Remote Overflow Vulnerability
 Released: 27 April 2011
  
 Vendor Link: 
    http://www.igss.com
  
 Affected Products:
    IGSS (Interactive Graphical SCADA System) v9
     
 Original Advisory: 
    http://www.insomniasec.com/advisories/ISVA-110427.1.htm
 
 Researcher: 
    James Burton, Insomnia Security
    http://www.insomniasec.com
___________________________________________________________________

_______________

 Description
_______________

IGSS (Interactive Graphical SCADA System) is a complete automation
software - a SCADA system for process control and supervision. It
was developed by 7-Technologies and is the first world's first
object orientated, mouse operated SCADA system.

A remote stack overflow vulnerability exists in the IGSS ODBC service.

No authentication is required to exploit this vulnerability.

_______________

 Details
_______________
 
The ODBC service component of IGSS listens on port 20222/tcp by default. 

The application layer protocol runs over TCP and reads an initial packet
that specifies the amount of data to follow. A second read then takes
place and the data is copied into a variable length buffer. Next the data
is parsed and during this process a buffer overflow occurs on the stack.

At minimum this vulnerability leads to denial of service though remote code
execution may be possible.

_______________

 Solution
_______________

Download the latest version using the IGSS Update application
found under the Information and Support menu of IGSS Master.
Alternatively email support (at) igss.com for more information.

_______________

 Legals
_______________

The information is provided for research and educational purposes
only. Insomnia Security accepts no liability in any form whatsoever
for any direct or indirect damages associated with the use of this
information.

___________________________________________________________________
 
 Insomnia Security Vulnerability Advisory: ISVA-110427.1
___________________________________________________________________

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: [Full-disclosure] B-Sides Vienna | NinjaCon 11 Call For Participation
Next by Date: [Full-disclosure] Insomnia : ISVA-110427.2 - Up.Time Administration Interface Authentication Bypass Vulnerability
Previous by thread: [Full-disclosure] B-Sides Vienna | NinjaCon 11 Call For Participation
Next by thread: [Full-disclosure] Insomnia : ISVA-110427.2 - Up.Time Administration Interface Authentication Bypass Vulnerability
Index(es):
- Date
- Thread