فا

‫ SolarWinds Network Configuration Manager "PEstrarg1" Buffer Overflow Vulnerability

IRCAD2014053340

Number: IRCAD2014053340

Date: 2014/05/28

Criticality level: highly critical

Software:

SolarWinds Network Configuration Manager 7.x

Description

A vulnerability has been reported in SolarWinds Network Configuration Manager, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error when handling the "PEstrarg1" property and can be exploited to cause a heap-based buffer overflow by assigning an overly long string to this property.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is reported in versions prior to 7.3. Other versions may be affected.

Solution:

No official solution is currently available. Reportedly this will be fixed in version 7.3 (currently in Release Candidate stage).

Resources:

ZDI-14-133:

secunia:
 
 
 

نظرات

بدون نظر
شما برای نظر دادن باید وارد شوید

نوشته

 
تاریخ ایجاد: 10 خرداد 1393

امتیاز

امتیاز شما
تعداد امتیازها: 0