Summary
The host is installed with ZIM Server and is prone to multiple vulnerabilities.
Impact
Successful exploitation could result in remote arbitrary code execution and cause denial of service.
Impact Level: System
Solution
Upgrde to Zilab Software Zilab Chat and Instant Messaging Server version 3.3 or later For updates refer to http://www.zilab.com/zim.shtml.
Insight
The issues are due to,
- boundary errors in the server while handling overly long crafted packets sent to default prot 7700.
- a null pointer de-reference within the server will crash the service via a specially crafted packet sent to default port 7700.
Affected
Zilab Software Zilab Chat and Instant Messaging Server 2.1 and prior.
References
Severity
Classification
-
CVE CVE-2008-5279, CVE-2008-5280 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Digital Edition Denial of Service Vulnerability (Windows)
- ClamAV Multiple Vulnerabilities (Linux)
- Adobe Reader/Acrobat JavaScript Method Handling Vulnerability (Windows)
- Google Chrome Multiple Denial of Service Vulnerabilities - February 11(Windows)
- Apple QuickTime Malformed .mov File Buffer Overflow Vulnerability