Test ID: | 1.3.6.1.4.1.25623.1.0.802280 |
Category: | Buffer overflow |
Title: | Codesys CmpWebServer Multiple Vulnerabilities |
Summary: | Codesys is prone to multiple vulnerabilities. |
Description: |
Summary: Codesys is prone to multiple vulnerabilities.

Vulnerability Insight:
- A boundary error in the Control service when processing web requests can be exploited to cause a stack-based buffer overflow via an overly long URL sent to TCP port 8080
- A NULL pointer dereference error in the CmbWebserver.dll module of the Control service when processing HTTP POST requests can be exploited to deny processing further requests via a specially crafted 'Content-Length' header sent to TCP port 8080
- A NULL pointer dereference error in the CmbWebserver.dll module of the Control service when processing web requests can be exploited to deny processing further requests by sending a request with an unknown HTTP method to TCP port 8080
- An error in the Control service when processing web requests containing a nonexistent directory can be exploited to create arbitrary directories within the webroot via requests sent to TCP port 8080
- An integer overflow error in the Gateway service when processing certain requests can be exploited to cause a heap-based buffer overflow via a specially crafted packet sent to TCP port 1217

Vulnerability Impact: Successful exploitation may allow remote attackers to execute arbitrary code on the system or cause the application to crash.

Affected Software/OS: Codesys version 3.4 SP4 Patch 2 and prior.

Solution: Upgrade to version 2.3.9.32, 3.5 or later.

CVSS Score: 10.0
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C |
Cross-reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2011-5007
- Bugtraq: 20111129 Vulnerabilities in 3S CoDeSys 3.4 SP4 Patch 2
- http://seclists.org/bugtraq/2011/Nov/178
- http://www.exploit-db.com/exploits/18187
- http://aluigi.altervista.org/adv/codesys_1-adv.txt
- http://ics-cert.us-cert.gov/advisories/ICSA-12-320-01
- http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-336-01.pdf
- http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-336-01A.pdf
- http://osvdb.org/77387
- http://secunia.com/advisories/47018

Common Vulnerability Exposure (CVE) ID: CVE-2011-5008
- http://www.osvdb.org/77386
- XForce ISS Database: codesys-gatewayservice-bo(71531)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/71531

Common Vulnerability Exposure (CVE) ID: CVE-2011-5009
- http://www.osvdb.org/77388
- http://www.osvdb.org/77389
- XForce ISS Database: codesys-cmpwebserver-dos(71533)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/71533

Common Vulnerability Exposure (CVE) ID: CVE-2011-5058
- XForce ISS Database: codesys-cmbwebserver-dir-traversal(72339)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/72339 |
Copyright | Copyright (C) 2011 Greenbone AG |