CVE-2012-4359

Sažetak

Sielco Sistemi Winlog Pro SCADA before 2.07.18 and Winlog Lite SCADA before 2.07.18 do not validate the return value of the realloc function, which allows remote attackers to cause a denial of service (invalid 0x00 write operation and daemon crash) or possibly have unspecified other impact via a port-46824 TCP packet with a crafted negative integer after the opcode. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4358.

Reference

http://aluigi.org/adv/winlog_2-adv.txt
http://secunia.com/advisories/49395
http://www.sielcosistemi.com/en/news/index.html?id=70
http://www.us-cert.gov/control_systems/pdf/ICSA-12-213-01.pdf

CVSS

Base:	9.3
Impact:	10.0
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

20-08-2012 - 04:00

Objavljeno

19-08-2012 - 20:55