LiveData ICCP Server Remote Heap Overflow Vulnerability
BID:18010
Info
LiveData ICCP Server Remote Heap Overflow Vulnerability
| Bugtraq ID: | 18010 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2006-0059 |
| Remote: | Yes |
| Local: | No |
| Published: | May 17 2006 12:00AM |
| Updated: | May 17 2006 08:44PM |
| Credit: | Discovery is credited to Matt Franz of Digital Bond Inc. |
| Vulnerable: |
LiveData LiveData ICCP Server 5.0.34 |
| Not Vulnerable: |
LiveData LiveData ICCP Server 5.0.39 LiveData LiveData ICCP Server 5.0.35 |
Discussion
LiveData ICCP Server Remote Heap Overflow Vulnerability
LiveData ICCP Server is susceptible to a remote heap-overflow vulnerability. This issue is due to the application's failure to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.
This issue allows remote attackers to crash a vulnerable server. Reports indicate that this issue does not allow attackers to execute arbitrary code, but this has not been confirmed.
LiveData ICCP Server versions prior to 5.00.035 are vulnerable.
LiveData ICCP Server is susceptible to a remote heap-overflow vulnerability. This issue is due to the application's failure to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.
This issue allows remote attackers to crash a vulnerable server. Reports indicate that this issue does not allow attackers to execute arbitrary code, but this has not been confirmed.
LiveData ICCP Server versions prior to 5.00.035 are vulnerable.
Exploit / POC
LiveData ICCP Server Remote Heap Overflow Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
Solution / Fix
LiveData ICCP Server Remote Heap Overflow Vulnerability
Solution:
The vendor has released updates to address this issue. Versions 5.00.035 and subsequent are not vulnerable.
LiveData LiveData ICCP Server 5.0.34
Solution:
The vendor has released updates to address this issue. Versions 5.00.035 and subsequent are not vulnerable.
LiveData LiveData ICCP Server 5.0.34
-
LiveData LiveData ICCP Server 5.00.039
ftp://ftp.livedata.com/
References
LiveData ICCP Server Remote Heap Overflow Vulnerability
References:
References: