Multiple LiveData Servers COTP Packets Denial of Service Vulnerability

Bugtraq ID:	23775
Class:	Input Validation Error
CVE:	CVE-2007-2490
Remote:	Yes
Local:	No
Published:	May 02 2007 12:00AM
Updated:	Aug 19 2008 08:35PM
Credit:	Discovery is credited to Matt Franz of Digital Bond Inc.
Vulnerable:	LiveData LiveData RTI Server 5.0.45 LiveData LiveData Protocol Server 5.0.45 LiveData LiveData Maintenance Server 5.0.45
Not Vulnerable:	LiveData LiveData RTI Server 5.0.62 LiveData LiveData Protocol Server 5.0.62 LiveData LiveData Maintenance Server 5.0.62

Multiple LiveData Servers COTP Packets Denial of Service Vulnerability

Multiple LiveData Servers are prone to a remote denial-of-service vulnerability because the applications fail to properly handle user-supplied input.

A remote attacker can exploit this issue to crash an affected server, effectively denying service to legitimate users.

This issue affects versions prior to 5.00.062.

Multiple LiveData Servers COTP Packets Denial of Service Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Multiple LiveData Servers COTP Packets Denial of Service Vulnerability

Solution:
The vendor has addressed this issue in version 5.00.062. Contact the vendor for details on obtaining and applying the appropriate updates.

Multiple LiveData Servers COTP Packets Denial of Service Vulnerability

References:

• LiveData Home page (LiveData)
  
• Vulnerability Note VU#711420 LiveData Server fails to properly handle Connection (US-CERT)