OSVDB ID: 86413

Title: Logica HotScan Listener Interface Crafted Packet Parsing Remote Overflow

Info

Disclosure

Oct 09, 2012

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Jun 16, 2012

Description

Logica HotScan is prone to an overflow condition. The HotScan listener interface fails to properly sanitize user-supplied input resulting in a stack-based buffer overflow. With a specially crafted packet, a remote attacker can potentially execute arbitrary code.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Patch / RCS
Exploit: Exploit Unknown
Disclosure: Coordinated Disclosure

Solution

Logica has released a patch to address this vulnerability. There are no known workarounds or upgrades to correct this issue.

Products

Logica plc

HotScan

Unspecified

References

CVE ID: 2012-2624 (see also: NVD)
Secunia Advisory ID: 50920
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2012-10/0051.html
Vendor URL: http://www.logica.com/#

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/86413