LiveData Protocol Server WSDL Files Remote Heap Overflow Vulnerability

Bugtraq ID:	23773
Class:	Boundary Condition Error
CVE:	CVE-2007-2489
Remote:	Yes
Local:	No
Published:	May 02 2007 12:00AM
Updated:	Aug 19 2008 08:45PM
Credit:	The discoverer of this issue wishes to remain anonymous. This issue was disclosed in the referenced iDefense advisory.
Vulnerable:	LiveData LiveData RTI Server 5.0.45 LiveData LiveData Protocol Server 5.0.45 LiveData LiveData Maintenance Server 5.0.45
Not Vulnerable:	LiveData LiveData RTI Server 5.0.62 LiveData LiveData Protocol Server 5.0.62 LiveData LiveData Maintenance Server 5.0.62

LiveData Protocol Server WSDL Files Remote Heap Overflow Vulnerability

LiveData Protocol Server is prone to a remote heap-overflow vulnerability because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

Exploiting this issue allows remote attackers to crash a vulnerable server and possibly to execute arbitrary code in certain cases.

This issue affects LiveData Protocol Server 5.00.045; other versions may also be vulnerable.

LiveData Protocol Server WSDL Files Remote Heap Overflow Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

LiveData Protocol Server WSDL Files Remote Heap Overflow Vulnerability

Solution:
The vendor has released updates to address this issue. LiveData Protocol Server 5.00.062 and subsequent versions are not vulnerable.

LiveData Protocol Server WSDL Files Remote Heap Overflow Vulnerability

References:

• LiveData Home page (LiveData)
  
• iDefense Security Advisory 05.02.07: LiveData Protocol Server Heap Overflow Vuln (iDefense)
  
• LiveData Protocol Server Heap Overflow Vulnerability (iDefense)
  
• Vulnerability Note VU#213516 LiveData Protocol Server fails to properly handle r (US-CERT)