IGSS ODBC Server Multiple Uninitialized Pointer Denial Of Service Vulnerability Network Vulnerability

Summary

The host is running IGSS ODBC Server and is prone to denial of service vulnerability.

Impact

Successful exploitation will allow remote attackers to cause a denial of service. Impact Level: Application

Solution

Upgrade IGSS 8 ODBC Server (Odbcixv8se.exe) version 11003 or later. For updates refer to http://www.igss.com/

Insight

The flaw is caused by an uninitialized pointer free conditions,when processing specially packets sent to port 20222/TCP, which could be exploited by remote unauthenticated attackers to crash an affected daemon. Note: IGSS uses a 3rd party ODBC driver kit from Dr. DeeBee

Affected

IGSS 8 ODBC Server (Odbcixv8se.exe) Version 10299, Other versions may also be affected.

References

http://packetstormsecurity.org/files/view/99653/
http://www.exploit-db.com/exploits/17033/
http://www.us-cert.gov/control_systems/pdf/ICSA-11-018-02.pdf
http://xforce.iss.net/xforce/xfdb/66261

Updated on 2015-03-25

Severity

Classification

CVSS	Base Score: 7.8 AV:N/AC:L/Au:N/C:N/I:N/A:C

Related Vulnerabilities

CUPS IPP Use-After-Free Denial of Service Vulnerability
Epson EventManager 'x-protocol-version' Denial of Service Vulnerability
Adobe Flash Media Server Multiple Denial of Service Vulnerabilities
ClamAV Multiple Vulnerabilities (Win)
Active Perl Denial of Service Vulnerability (Windows)

IGSS ODBC Server Multiple Uninitialized Pointer Denial of Service Vulnerability

Take action and discover your vulnerabilities