- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -
ESRI ArcSDE Numeric Literal Buffer Overflow Vulnerability
------------------------------------------------------------------------
SUMMARY
<http://www.esri.com/software/arcgis/arcsde/index.html> ESRI Inc. ArcSDE
is a multi-user database server bundled with ArcGIS to provide access to
Geographic Information Systems (GIS).
Remote exploitation of a buffer overflow vulnerability within
Environmental Systems Research Institute (ESRI) Inc.'s ArcSDE service
allows attackers to crash the service or potentially execute arbitrary
code.
DETAILS
Vulnerable Systems:
* ArcSDE version 9.2, as bundled with ArcGIS.
* (All versions are suspected to be vulnerable.)
This vulnerability specifically exists due to insufficient buffer space
when representing user-supplied numeric values in ASCII. Certain requests
result in an sprintf() call using a static-sized 8 byte stack buffer. If
an attacker supplies a number that's ASCII value cannot be represented
within 8 bytes, a stack-based buffer overflow occurs.
Exploitation allows attackers to crash the service, or potentially execute
arbitrary code.
Since an attacker can only overflow the buffer with numeric values and a
single NUL byte, the execution of arbitrary may not be possible. Denial of
service is definitely possible.
No authentication is required to exploit this vulnerability. Exploitation
requires that attacker be able to communicate with the server via the TCP
port on which it is listening. By default the server listens on port 5151.
Workaround:
Employing firewalls to limit access to the affected service can help
prevent potential exploitation of this vulnerability.
Vendor Status:
ESRI has addressed this vulnerability by releasing ArcSDE 9.2 Service Pack
3. More information is available from their Service Pack 3 release notes
at the following URL.
<http://downloads.esri.com/support/downloads/other_/ArcSDE-92sp3-issues.htm> http://downloads.esri.com/support/downloads/other_/ArcSDE-92sp3-issues.htm
CVE Information:
<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4278>
CVE-2007-4278
Disclosure Timeline:
* 05/14/2007 - Initial vendor notification.
* 05/14/2007 - Initial vendor response.
* 08/15/2007 - Coordinated public disclosure.
ADDITIONAL INFORMATION
The information has been provided by iDefense.
The original article can be found at:
<http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=577>
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=577
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
No comments:
Post a Comment