var-200809-0422
Vulnerability from variot
Stack-based buffer overflow in RealFlex Technologies Ltd. RealWin Server 2.0, as distributed by DATAC, allows remote attackers to execute arbitrary code via a crafted FC_INFOTAG/SET_CONTROL packet. RealFlex RealWin demo version contains a vulnerability in the way "FC_INFOTAG/SET_CONTROL" packets are processed. DATAC RealWin is SCADA server software with Human Machine Interface components that runs on Microsoft Windows 2000/XP. RealWin contains a buffer overflow vulnerability due to improper handling of crafted FC_INFOTAG/SET_CONTROL packets. A remote third party may be able to execute arbitrary code or cause a denial of service (DoS). DATAC RealWin SCADA server is prone to a remote stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. This may facilitate the complete compromise of affected computers. Failed exploit attempts may result in a denial-of-service condition. RealWin SCADA server 2.0 is affected; other versions may also be vulnerable.
TITLE: RealWin INFOTAG/SET_CONTROL Packet Processing Buffer Overflow
SECUNIA ADVISORY ID: SA32055
VERIFY ADVISORY: http://secunia.com/advisories/32055/
CRITICAL: Moderately critical
IMPACT: DoS, System access
WHERE: From remote
SOFTWARE: RealWin 2.x http://secunia.com/advisories/product/19990/
DESCRIPTION: Ruben Santamarta has discovered a vulnerability in RealWin, which can be exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused due to a boundary error in the processing of TCP packets received on port 910 by default.
SOLUTION: Restrict network access to trusted users only.
PROVIDED AND/OR DISCOVERED BY: Ruben Santamarta, Reversemode
ORIGINAL ADVISORY: http://reversemode.com/index.php?option=com_content&task=view&id=55&Itemid=1
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200809-0422", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": null, "scope": null, "trust": 1.6, "vendor": "dataconline", "version": null }, { "model": "realwin server", "scope": "eq", "trust": 1.6, "vendor": "realflex", "version": "2.0" }, { "model": null, "scope": null, "trust": 0.8, "vendor": "realflex", "version": null }, { "model": "realwin", 
"scope": "eq", "trust": 0.8, "vendor": "datac online", "version": "2.x" }, { "model": "control international realwin scada server", "scope": "eq", "trust": 0.3, "vendor": "datac", "version": "2.0" } ], "sources": [ { "db": "CERT/CC", "id": "VU#976484" }, { "db": "BID", "id": "31418" }, { "db": "JVNDB", "id": "JVNDB-2008-002140" }, { "db": "CNNVD", "id": "CNNVD-200809-411" }, { "db": "NVD", "id": "CVE-2008-4322" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:realflex_technologies_ltd:realwin_server", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2008-002140" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ruben Santamarta\u203b ruben@reversemode.com", "sources": [ { "db": "CNNVD", "id": "CNNVD-200809-411" } ], "trust": 0.6 }, "cve": "CVE-2008-4322", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", 
"authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CVE-2008-4322", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2008-4322", "trust": 1.0, "value": "HIGH" }, { "author": "CARNEGIE MELLON", "id": "VU#976484", "trust": 0.8, "value": "2.48" }, { "author": "NVD", "id": "CVE-2008-4322", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-200809-411", "trust": 0.6, "value": "CRITICAL" } ] } ], "sources": [ { "db": "CERT/CC", "id": "VU#976484" }, { "db": "JVNDB", "id": "JVNDB-2008-002140" }, { "db": "CNNVD", "id": "CNNVD-200809-411" }, { "db": "NVD", "id": "CVE-2008-4322" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Stack-based buffer overflow in RealFlex Technologies Ltd. RealWin Server 2.0, as distributed by DATAC, allows remote attackers to execute arbitrary code via a crafted FC_INFOTAG/SET_CONTROL packet. RealFlex RealWin demo version contains a vulnerability in the way \"FC_INFOTAG/SET_CONTROL\" packets are processed. DATAC RealWin Is FC_INFOTAG/SET_CONTROL A buffer overflow vulnerability exists due to improper handling of packets. DATAC RealWin Is Human Machine Interface With components, Microsoft Windows2000/XP Work on SCADA Server software. RealWin Is Crafted FC_INFOTAG/SET_CONTROL A buffer overflow vulnerability exists due to improper handling of packets.Arbitrary code execution or denial of service by a remote third party (DoS) There is a possibility of being attacked. 
DATAC RealWin SCADA server is prone to a remote stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. This may facilitate the complete compromise of affected computers. Failed exploit attempts may result in a denial-of-service condition. \nRealWin SCADA server 2.0 is affected; other versions may also be vulnerable. ----------------------------------------------------------------------\n\nDo you need accurate and reliable IDS / IPS / AV detection rules?\n\nGet in-depth vulnerability details:\nhttp://secunia.com/binary_analysis/sample_analysis/\n\n----------------------------------------------------------------------\n\nTITLE:\nRealWin INFOTAG/SET_CONTROL Packet Processing Buffer Overflow\n\nSECUNIA ADVISORY ID:\nSA32055\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/32055/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nDoS, System access\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nRealWin 2.x\nhttp://secunia.com/advisories/product/19990/\n\nDESCRIPTION:\nRuben Santamarta has discovered a vulnerability in RealWin, which can\nbe exploited by malicious people to compromise a vulnerable system. \n\nThe vulnerability is caused due to a boundary error in the processing\nof TCP packets received on port 910 by default. \n\nSOLUTION:\nRestrict network access to trusted users only. \n\nPROVIDED AND/OR DISCOVERED BY:\nRuben Santamarta, Reversemode\n\nORIGINAL ADVISORY:\nhttp://reversemode.com/index.php?option=com_content\u0026task=view\u0026id=55\u0026Itemid=1\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. 
\n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2008-4322" }, { "db": "CERT/CC", "id": "VU#976484" }, { "db": "JVNDB", "id": "JVNDB-2008-002140" }, { "db": "BID", "id": "31418" }, { "db": "PACKETSTORM", "id": "70444" } ], "trust": 2.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "CERT/CC", "id": "VU#976484", "trust": 3.5 }, { "db": "NVD", "id": "CVE-2008-4322", "trust": 2.7 }, { "db": "BID", "id": "31418", "trust": 2.7 }, { "db": "SECUNIA", "id": "32055", "trust": 2.5 }, { "db": "VUPEN", "id": "ADV-2008-2694", "trust": 2.4 }, { "db": "XF", "id": "45465", "trust": 1.4 }, { "db": "JVNDB", "id": "JVNDB-2008-002140", "trust": 0.8 }, { "db": "BUGTRAQ", "id": "20080926 DATAC REALWIN 2.0 SCADA SOFTWARE - REMOTE PREAAUTH EXPLOIT", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-200809-411", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "70444", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#976484" }, { "db": "BID", "id": "31418" }, { "db": "JVNDB", "id": "JVNDB-2008-002140" }, { "db": "PACKETSTORM", "id": "70444" }, { "db": "CNNVD", "id": "CNNVD-200809-411" }, { 
"db": "NVD", "id": "CVE-2008-4322" } ] }, "id": "VAR-200809-0422", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.561607135 }, "last_update_date": "2024-11-23T22:09:33.939000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Contact Us", "trust": 0.8, "url": "http://www.dataconline.com/profile/contact.php" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2008-002140" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2008-002140" }, { "db": "NVD", "id": "CVE-2008-4322" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.7, "url": "http://www.kb.cert.org/vuls/id/976484" }, { "trust": 2.5, "url": "http://reversemode.com/index.php?option=com_content\u0026task=view\u0026id=55\u0026itemid=1" }, { "trust": 2.4, "url": "http://www.securityfocus.com/bid/31418" }, { "trust": 1.8, "url": "http://www.vupen.com/english/advisories/2008/2694" }, { "trust": 1.6, "url": "http://secunia.com/advisories/32055" }, { "trust": 1.4, "url": "http://xforce.iss.net/xforce/xfdb/45465" }, { "trust": 1.1, "url": "http://www.dataconline.com/software/realwin.php" }, { "trust": 1.0, "url": 
"http://www.securityfocus.com/archive/1/496759/100/0/threaded" }, { "trust": 1.0, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45465" }, { "trust": 0.9, "url": "http://secunia.com/advisories/32055/" }, { "trust": 0.8, "url": "http://www.realflex.com/products/realwin/realwin.php" }, { "trust": 0.8, "url": "http://www.dataconline.com/profile/profile.php" }, { "trust": 0.8, "url": "http://www.realflex.com/profile/history.php" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-4322" }, { "trust": 0.8, "url": "http://jvn.jpcert.or.jp/cert/jvnvu976484/index.html" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-4322" }, { "trust": 0.6, "url": "http://www.securityfocus.com/archive/1/archive/1/496759/100/0/threaded" }, { "trust": 0.6, "url": "http://www.frsirt.com/english/advisories/2008/2694" }, { "trust": 0.3, "url": "/archive/1/496759" }, { "trust": 0.1, "url": "http://secunia.com/binary_analysis/sample_analysis/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/product/19990/" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/advisories/about_secunia_advisories/" } ], "sources": [ { "db": "CERT/CC", "id": "VU#976484" }, { "db": "BID", "id": "31418" }, { "db": "JVNDB", "id": "JVNDB-2008-002140" }, { "db": "PACKETSTORM", "id": "70444" }, { "db": "CNNVD", "id": "CNNVD-200809-411" }, { "db": "NVD", "id": "CVE-2008-4322" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#976484" }, { "db": "BID", "id": "31418" }, { "db": "JVNDB", "id": "JVNDB-2008-002140" }, { "db": "PACKETSTORM", "id": "70444" }, { "db": "CNNVD", "id": "CNNVD-200809-411" }, { "db": "NVD", "id": "CVE-2008-4322" } ] }, 
"sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2008-12-02T00:00:00", "db": "CERT/CC", "id": "VU#976484" }, { "date": "2008-09-26T00:00:00", "db": "BID", "id": "31418" }, { "date": "2008-12-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2008-002140" }, { "date": "2008-09-29T18:49:11", "db": "PACKETSTORM", "id": "70444" }, { "date": "2008-09-29T00:00:00", "db": "CNNVD", "id": "CNNVD-200809-411" }, { "date": "2008-09-29T19:25:59.353000", "db": "NVD", "id": "CVE-2008-4322" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-01-13T00:00:00", "db": "CERT/CC", "id": "VU#976484" }, { "date": "2015-05-07T17:23:00", "db": "BID", "id": "31418" }, { "date": "2008-12-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2008-002140" }, { "date": "2008-12-10T00:00:00", "db": "CNNVD", "id": "CNNVD-200809-411" }, { "date": "2024-11-21T00:51:23.170000", "db": "NVD", "id": "CVE-2008-4322" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-200809-411" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "RealFlex RealWin buffer overflow", "sources": [ { "db": "CERT/CC", "id": "VU#976484" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer overflow", "sources": [ { "db": "CNNVD", "id": "CNNVD-200809-411" } ], "trust": 0.6 } }