Buffer overflow : Codesys CmpWebServer Multiple Vulnerabilities

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.802280

Categoría: Buffer overflow

Título: Codesys CmpWebServer Multiple Vulnerabilities

Resumen: Codesys is prone to multiple vulnerabilities.

Descripción: Summary:
Codesys is prone to multiple vulnerabilities.

Vulnerability Insight:
- A boundary error in the Control service when processing web
requests can be exploited to cause a stack-based buffer overflow via an overly
long URL sent to TCP port 8080

- A NULL pointer dereference error in the CmbWebserver.dll module of the
Control service when processing HTTP POST requests can be exploited to deny
processing further requests via a specially crafted 'Content-Length' header
sent to TCP port 8080

- A NULL pointer dereference error in the CmbWebserver.dll module of the
Control service when processing web requests can be exploited to deny
processing further requests by sending a request with an unknown HTTP
method to TCP port 8080

- An error in the Control service when processing web requests containing a
non existent directory can be exploited to create arbitrary directories
within the webroot via requests sent to TCP port 8080

- An integer overflow error in the Gateway service when processing certain
requests can be exploited to cause a heap-based buffer overflow via a
specially crafted packet sent to TCP port 1217

Vulnerability Impact:
Successful exploitation may allow remote attackers to execute
arbitrary code on the system or cause the application to crash.

Affected Software/OS:
Codesys version 3.4 SP4 Patch 2 and prior.

Solution:
Upgrade to version 2.3.9.32, 3.5 or later.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2011-5007
Bugtraq: 20111129 Vulnerabilities in 3S CoDeSys 3.4 SP4 Patch 2 (Google Search)
http://seclists.org/bugtraq/2011/Nov/178
http://www.exploit-db.com/exploits/18187
http://aluigi.altervista.org/adv/codesys_1-adv.txt
http://ics-cert.us-cert.gov/advisories/ICSA-12-320-01
http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-336-01.pdf
http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-336-01A.pdf
http://osvdb.org/77387
http://secunia.com/advisories/47018
Common Vulnerability Exposure (CVE) ID: CVE-2011-5008
http://www.osvdb.org/77386
XForce ISS Database: codesys-gatewayservice-bo(71531)
https://exchange.xforce.ibmcloud.com/vulnerabilities/71531
Common Vulnerability Exposure (CVE) ID: CVE-2011-5009
http://www.osvdb.org/77388
http://www.osvdb.org/77389
XForce ISS Database: codesys-cmpwebserver-dos(71533)
https://exchange.xforce.ibmcloud.com/vulnerabilities/71533
Common Vulnerability Exposure (CVE) ID: CVE-2011-5058
XForce ISS Database: codesys-cmbwebserver-dir-traversal(72339)
https://exchange.xforce.ibmcloud.com/vulnerabilities/72339

Copyright Copyright (C) 2011 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.802280
Categoría:	Buffer overflow
Título:	Codesys CmpWebServer Multiple Vulnerabilities
Resumen:	Codesys is prone to multiple vulnerabilities.
Descripción:	Summary: Codesys is prone to multiple vulnerabilities. Vulnerability Insight: - A boundary error in the Control service when processing web requests can be exploited to cause a stack-based buffer overflow via an overly long URL sent to TCP port 8080 - A NULL pointer dereference error in the CmbWebserver.dll module of the Control service when processing HTTP POST requests can be exploited to deny processing further requests via a specially crafted 'Content-Length' header sent to TCP port 8080 - A NULL pointer dereference error in the CmbWebserver.dll module of the Control service when processing web requests can be exploited to deny processing further requests by sending a request with an unknown HTTP method to TCP port 8080 - An error in the Control service when processing web requests containing a non existent directory can be exploited to create arbitrary directories within the webroot via requests sent to TCP port 8080 - An integer overflow error in the Gateway service when processing certain requests can be exploited to cause a heap-based buffer overflow via a specially crafted packet sent to TCP port 1217 Vulnerability Impact: Successful exploitation may allow remote attackers to execute arbitrary code on the system or cause the application to crash. Affected Software/OS: Codesys version 3.4 SP4 Patch 2 and prior. Solution: Upgrade to version 2.3.9.32, 3.5 or later. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-5007 Bugtraq: 20111129 Vulnerabilities in 3S CoDeSys 3.4 SP4 Patch 2 (Google Search) http://seclists.org/bugtraq/2011/Nov/178 http://www.exploit-db.com/exploits/18187 http://aluigi.altervista.org/adv/codesys_1-adv.txt http://ics-cert.us-cert.gov/advisories/ICSA-12-320-01 http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-336-01.pdf http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-336-01A.pdf http://osvdb.org/77387 http://secunia.com/advisories/47018 Common Vulnerability Exposure (CVE) ID: CVE-2011-5008 http://www.osvdb.org/77386 XForce ISS Database: codesys-gatewayservice-bo(71531) https://exchange.xforce.ibmcloud.com/vulnerabilities/71531 Common Vulnerability Exposure (CVE) ID: CVE-2011-5009 http://www.osvdb.org/77388 http://www.osvdb.org/77389 XForce ISS Database: codesys-cmpwebserver-dos(71533) https://exchange.xforce.ibmcloud.com/vulnerabilities/71533 Common Vulnerability Exposure (CVE) ID: CVE-2011-5058 XForce ISS Database: codesys-cmbwebserver-dir-traversal(72339) https://exchange.xforce.ibmcloud.com/vulnerabilities/72339
Copyright	Copyright (C) 2011 Greenbone AG