Summary
The host is installed with ZIM Server and is prone to multiple vulnerabilities.
Impact
Successful exploitation could result in remote arbitrary code execution and cause denial of service.
Impact Level: System
Solution
Upgrde to Zilab Software Zilab Chat and Instant Messaging Server version 3.3 or later For updates refer to http://www.zilab.com/zim.shtml.
Insight
The issues are due to,
- boundary errors in the server while handling overly long crafted packets sent to default prot 7700.
- a null pointer de-reference within the server will crash the service via a specially crafted packet sent to default port 7700.
Affected
Zilab Software Zilab Chat and Instant Messaging Server 2.1 and prior.
References
Severity
Classification
-
CVE CVE-2008-5279, CVE-2008-5280 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Apple iTunes Local Privilege Escalation Vulnerability
- Google Chrome Multiple Denial of Service Vulnerabilities - March12 (Windows)
- ClamAV get_unicode_name() Off-By-One Heap based BOF Vulnerability
- Apple QuickTime Malformed .mov File Buffer Overflow Vulnerability
- freeSSHd SFTP 'rename' and 'realpath' Remote DoS Vulnerability